Windows Analysis Report
TNT Original Documents AWB 8013580.bat.exe

Overview

General Information

Sample name: TNT Original Documents AWB 8013580.bat.exe
Analysis ID: 1533040
MD5: 4547d92046a773ade182813b8dab2808
SHA1: c93a0f354cfc5d4ede8ac6598fbfd48270344367
SHA256: 86564d4471500d3932d0afddc8a0a524982e6b7f3a70630d47e214d31bd166e5
Tags: bat, exe, TNT, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13e8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f013:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17152:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: TNT Original Documents AWB 8013580.bat.exe PID: 7364 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f013:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17152:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e213:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            No Suricata rule has matched

            AV Detection

            Source: TNT Original Documents AWB 8013580.bat.exe, Avira: detected
            Source: TNT Original Documents AWB 8013580.bat.exe, Virustotal: Detection: 32%
            Source: Yara match, File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: TNT Original Documents AWB 8013580.bat.exe, Joe Sandbox ML: detected
            Source: TNT Original Documents AWB 8013580.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: TNT Original Documents AWB 8013580.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: TNT Original Documents AWB 8013580.bat.exe, TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp
            Source: TNT Original Documents AWB 8013580.bat.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd

            E-Banking Fraud

            Source: Yara matchFile source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: TNT Original Documents AWB 8013580.bat.exe
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0042C303 NtClose,4_2_0042C303
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_016A2DF0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_016A2C70
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A35C0 NtCreateMutant,LdrInitializeThunk,4_2_016A35C0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A4340 NtSetContextThread,4_2_016A4340
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A4650 NtSuspendThread,4_2_016A4650
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2B60 NtClose,4_2_016A2B60
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2BE0 NtQueryValueKey,4_2_016A2BE0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2BF0 NtAllocateVirtualMemory,4_2_016A2BF0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2BA0 NtEnumerateValueKey,4_2_016A2BA0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2B80 NtQueryInformationFile,4_2_016A2B80
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2AF0 NtWriteFile,4_2_016A2AF0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2AD0 NtReadFile,4_2_016A2AD0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2AB0 NtWaitForSingleObject,4_2_016A2AB0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2D30 NtUnmapViewOfSection,4_2_016A2D30
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2D00 NtSetInformationFile,4_2_016A2D00
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2D10 NtMapViewOfSection,4_2_016A2D10
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2DD0 NtDelayExecution,4_2_016A2DD0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2DB0 NtEnumerateKey,4_2_016A2DB0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2C60 NtCreateKey,4_2_016A2C60
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2C00 NtQueryInformationProcess,4_2_016A2C00
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2CF0 NtOpenProcess,4_2_016A2CF0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2CC0 NtQueryVirtualMemory,4_2_016A2CC0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2CA0 NtQueryInformationToken,4_2_016A2CA0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2F60 NtCreateProcessEx,4_2_016A2F60
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2F30 NtCreateSection,4_2_016A2F30
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2FE0 NtCreateFile,4_2_016A2FE0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2FA0 NtQuerySection,4_2_016A2FA0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2FB0 NtResumeThread,4_2_016A2FB0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2F90 NtProtectVirtualMemory,4_2_016A2F90
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2E30 NtWriteVirtualMemory,4_2_016A2E30
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2EE0 NtQueueApcThread,4_2_016A2EE0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2EA0 NtAdjustPrivilegesToken,4_2_016A2EA0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2E80 NtReadVirtualMemory,4_2_016A2E80
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A3010 NtOpenDirectoryObject,4_2_016A3010
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A3090 NtSetValueKey,4_2_016A3090
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A39B0 NtGetContextThread,4_2_016A39B0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A3D70 NtOpenThread,4_2_016A3D70
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A3D10 NtOpenProcessToken,4_2_016A3D10
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: String function: 016EF290 appears 105 times
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: String function: 016B7E54 appears 101 times
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: String function: 016DEA12 appears 86 times
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: String function: 016A5130 appears 58 times
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: String function: 0165B970 appears 280 times
            Source: TNT Original Documents AWB 8013580.bat.exe, 00000000.00000002.1412907442.00000000009FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs TNT Original Documents AWB 8013580.bat.exe
            Source: TNT Original Documents AWB 8013580.bat.exe, 00000000.00000000.1393219321.00000000002B2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelKk.exeD vs TNT Original Documents AWB 8013580.bat.exe
            Source: TNT Original Documents AWB 8013580.bat.exe, 00000000.00000002.1418264494.00000000073A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs TNT Original Documents AWB 8013580.bat.exe
            Source: TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.000000000175D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TNT Original Documents AWB 8013580.bat.exe
            Source: TNT Original Documents AWB 8013580.bat.exeBinary or memory string: OriginalFilenamelKk.exeD vs TNT Original Documents AWB 8013580.bat.exe
            Source: TNT Original Documents AWB 8013580.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: TNT Original Documents AWB 8013580.bat.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, jX0cIPCFeyLeq3FhA2.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, jX0cIPCFeyLeq3FhA2.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, jX0cIPCFeyLeq3FhA2.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine, Classification label: mal100.troj.evad.winEXE@5/1@0/0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TNT Original Documents AWB 8013580.bat.exe.log
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Mutant created: NULL
            Source: TNT Original Documents AWB 8013580.bat.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: TNT Original Documents AWB 8013580.bat.exe, Virustotal: Detection: 32%
            Source: unknown, Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: TNT Original Documents AWB 8013580.bat.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: TNT Original Documents AWB 8013580.bat.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: TNT Original Documents AWB 8013580.bat.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: wntdll.pdbUGP source: TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: TNT Original Documents AWB 8013580.bat.exe, TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs, .Net Code: ojLbjS7eBS System.Reflection.Assembly.Load(byte[])
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs, .Net Code: ojLbjS7eBS System.Reflection.Assembly.Load(byte[])
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs, .Net Code: ojLbjS7eBS System.Reflection.Assembly.Load(byte[])
            Source: TNT Original Documents AWB 8013580.bat.exe, Static PE information: 0x86F70E0E [Wed Oct 2 14:45:34 2041 UTC]
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 0_2_06F8E008 push es; iretd 0_2_06F8E01C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00414061 push es; iretd 4_2_00414075
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_0041F19B push ecx; retf 4_2_0041F19C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00401A71 pushfd ; retf 4_2_00401ABE
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_004032C0 push eax; ret 4_2_004032C2
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_004162CC pushad ; ret 4_2_004162CD
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_004233F0 push ebx; retf 4_2_004233F1
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00404D68 push es; retf 4_2_00404D6F
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00413DC3 push edx; retf 4_2_00413DFD
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00414632 push es; iretd 4_2_00414633
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00413E3A push edx; retf 4_2_00413DFD
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00415723 push edx; ret 4_2_004157E6
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00404FCF push 001D5E1Fh; retf 4_2_00404FD4
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_00401F9C push esp; ret 4_2_00401FAE
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Code function: 4_2_016609AD push ecx; mov dword ptr [esp], ecx 4_2_016609B6
            Source: TNT Original Documents AWB 8013580.bat.exe, Static PE information: section name: .text entropy: 7.7700013936624215
            Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, High entropy of concatenated method names
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: TNT Original Documents AWB 8013580.bat.exe PID: 7364, type: MEMORYSTR
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 9E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 26C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: BF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 8B00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 7530000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 9B00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: AB00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A096E rdtsc 4_2_016A096E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe API coverage: 0.6 %
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe TID: 7392 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe TID: 7552 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00417473 LdrLoadDll,4_2_00417473
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F4144 mov eax, dword ptr fs:[00000030h] 4_2_016F4144
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h]4_2_016F62A0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h]4_2_016F62A0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h]4_2_016F62A0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h]4_2_016F62A0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E0283 mov eax, dword ptr fs:[00000030h]4_2_016E0283
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E0283 mov eax, dword ptr fs:[00000030h]4_2_016E0283
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E0283 mov eax, dword ptr fs:[00000030h]4_2_016E0283
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E284 mov eax, dword ptr fs:[00000030h]4_2_0169E284
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E284 mov eax, dword ptr fs:[00000030h]4_2_0169E284
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169656A mov eax, dword ptr fs:[00000030h]4_2_0169656A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169656A mov eax, dword ptr fs:[00000030h]4_2_0169656A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169656A mov eax, dword ptr fs:[00000030h]4_2_0169656A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01668550 mov eax, dword ptr fs:[00000030h]4_2_01668550
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01668550 mov eax, dword ptr fs:[00000030h]4_2_01668550
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670535 mov eax, dword ptr fs:[00000030h]4_2_01670535
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670535 mov eax, dword ptr fs:[00000030h]4_2_01670535
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670535 mov eax, dword ptr fs:[00000030h]4_2_01670535
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670535 mov eax, dword ptr fs:[00000030h]4_2_01670535
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670535 mov eax, dword ptr fs:[00000030h]4_2_01670535
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670535 mov eax, dword ptr fs:[00000030h]4_2_01670535
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h]4_2_0168E53E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h]4_2_0168E53E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h]4_2_0168E53E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h]4_2_0168E53E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h]4_2_0168E53E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016F6500 mov eax, dword ptr fs:[00000030h]4_2_016F6500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01734500 mov eax, dword ptr fs:[00000030h]4_2_01734500
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169C5ED mov eax, dword ptr fs:[00000030h]4_2_0169C5ED
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169C5ED mov eax, dword ptr fs:[00000030h]4_2_0169C5ED
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016625E0 mov eax, dword ptr fs:[00000030h]4_2_016625E0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h]4_2_0168E5E7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E5CF mov eax, dword ptr fs:[00000030h]4_2_0169E5CF
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E5CF mov eax, dword ptr fs:[00000030h]4_2_0169E5CF
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016665D0 mov eax, dword ptr fs:[00000030h]4_2_016665D0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A5D0 mov eax, dword ptr fs:[00000030h]4_2_0169A5D0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A5D0 mov eax, dword ptr fs:[00000030h]4_2_0169A5D0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E05A7 mov eax, dword ptr fs:[00000030h]4_2_016E05A7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E05A7 mov eax, dword ptr fs:[00000030h]4_2_016E05A7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E05A7 mov eax, dword ptr fs:[00000030h]4_2_016E05A7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016845B1 mov eax, dword ptr fs:[00000030h]4_2_016845B1
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016845B1 mov eax, dword ptr fs:[00000030h]4_2_016845B1
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01694588 mov eax, dword ptr fs:[00000030h]4_2_01694588
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01662582 mov eax, dword ptr fs:[00000030h]4_2_01662582
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01662582 mov ecx, dword ptr fs:[00000030h]4_2_01662582
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E59C mov eax, dword ptr fs:[00000030h]4_2_0169E59C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016EC460 mov ecx, dword ptr fs:[00000030h]4_2_016EC460
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168A470 mov eax, dword ptr fs:[00000030h]4_2_0168A470
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168A470 mov eax, dword ptr fs:[00000030h]4_2_0168A470
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168A470 mov eax, dword ptr fs:[00000030h]4_2_0168A470
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0171A456 mov eax, dword ptr fs:[00000030h]4_2_0171A456
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h]4_2_0169E443
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0168245A mov eax, dword ptr fs:[00000030h]4_2_0168245A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0165645D mov eax, dword ptr fs:[00000030h]4_2_0165645D
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0165C427 mov eax, dword ptr fs:[00000030h]4_2_0165C427
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0165E420 mov eax, dword ptr fs:[00000030h]4_2_0165E420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0165E420 mov eax, dword ptr fs:[00000030h]4_2_0165E420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0165E420 mov eax, dword ptr fs:[00000030h]4_2_0165E420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h]4_2_016E6420
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A430 mov eax, dword ptr fs:[00000030h]4_2_0169A430
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01698402 mov eax, dword ptr fs:[00000030h]4_2_01698402
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01698402 mov eax, dword ptr fs:[00000030h]4_2_01698402
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01698402 mov eax, dword ptr fs:[00000030h]4_2_01698402
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016604E5 mov ecx, dword ptr fs:[00000030h]4_2_016604E5
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016664AB mov eax, dword ptr fs:[00000030h]4_2_016664AB
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016944B0 mov ecx, dword ptr fs:[00000030h]4_2_016944B0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016EA4B0 mov eax, dword ptr fs:[00000030h]4_2_016EA4B0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0171A49A mov eax, dword ptr fs:[00000030h]4_2_0171A49A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01668770 mov eax, dword ptr fs:[00000030h]4_2_01668770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01670770 mov eax, dword ptr fs:[00000030h]4_2_01670770
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169674D mov esi, dword ptr fs:[00000030h]4_2_0169674D
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169674D mov eax, dword ptr fs:[00000030h]4_2_0169674D
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169674D mov eax, dword ptr fs:[00000030h]4_2_0169674D
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016EE75D mov eax, dword ptr fs:[00000030h]4_2_016EE75D
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01660750 mov eax, dword ptr fs:[00000030h]4_2_01660750
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2750 mov eax, dword ptr fs:[00000030h]4_2_016A2750
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2750 mov eax, dword ptr fs:[00000030h]4_2_016A2750
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E4755 mov eax, dword ptr fs:[00000030h]4_2_016E4755
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169C720 mov eax, dword ptr fs:[00000030h]4_2_0169C720
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169C720 mov eax, dword ptr fs:[00000030h]4_2_0169C720
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169273C mov eax, dword ptr fs:[00000030h]4_2_0169273C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169273C mov ecx, dword ptr fs:[00000030h]4_2_0169273C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169273C mov eax, dword ptr fs:[00000030h]4_2_0169273C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016DC730 mov eax, dword ptr fs:[00000030h]4_2_016DC730
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169C700 mov eax, dword ptr fs:[00000030h]4_2_0169C700
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01660710 mov eax, dword ptr fs:[00000030h]4_2_01660710
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01690710 mov eax, dword ptr fs:[00000030h]4_2_01690710
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016827ED mov eax, dword ptr fs:[00000030h]4_2_016827ED
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016827ED mov eax, dword ptr fs:[00000030h]4_2_016827ED
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016827ED mov eax, dword ptr fs:[00000030h]4_2_016827ED
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016EE7E1 mov eax, dword ptr fs:[00000030h]4_2_016EE7E1
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016647FB mov eax, dword ptr fs:[00000030h]4_2_016647FB
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016647FB mov eax, dword ptr fs:[00000030h]4_2_016647FB
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0166C7C0 mov eax, dword ptr fs:[00000030h]4_2_0166C7C0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E07C3 mov eax, dword ptr fs:[00000030h]4_2_016E07C3
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016607AF mov eax, dword ptr fs:[00000030h]4_2_016607AF
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_017147A0 mov eax, dword ptr fs:[00000030h]4_2_017147A0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0170678E mov eax, dword ptr fs:[00000030h]4_2_0170678E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A660 mov eax, dword ptr fs:[00000030h]4_2_0169A660
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A660 mov eax, dword ptr fs:[00000030h]4_2_0169A660
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0172866E mov eax, dword ptr fs:[00000030h]4_2_0172866E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0172866E mov eax, dword ptr fs:[00000030h]4_2_0172866E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01692674 mov eax, dword ptr fs:[00000030h]4_2_01692674
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167C640 mov eax, dword ptr fs:[00000030h]4_2_0167C640
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167E627 mov eax, dword ptr fs:[00000030h]4_2_0167E627
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01696620 mov eax, dword ptr fs:[00000030h]4_2_01696620
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01698620 mov eax, dword ptr fs:[00000030h]4_2_01698620
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0166262C mov eax, dword ptr fs:[00000030h]4_2_0166262C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016DE609 mov eax, dword ptr fs:[00000030h]4_2_016DE609
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0167260B mov eax, dword ptr fs:[00000030h]4_2_0167260B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A2619 mov eax, dword ptr fs:[00000030h]4_2_016A2619
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h]4_2_016DE6F2
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h]4_2_016DE6F2
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h]4_2_016DE6F2
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h]4_2_016DE6F2
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E06F1 mov eax, dword ptr fs:[00000030h]4_2_016E06F1
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E06F1 mov eax, dword ptr fs:[00000030h]4_2_016E06F1
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A6C7 mov ebx, dword ptr fs:[00000030h]4_2_0169A6C7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169A6C7 mov eax, dword ptr fs:[00000030h]4_2_0169A6C7
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_0169C6A6 mov eax, dword ptr fs:[00000030h]4_2_0169C6A6
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016966B0 mov eax, dword ptr fs:[00000030h]4_2_016966B0
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01664690 mov eax, dword ptr fs:[00000030h]4_2_01664690
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01664690 mov eax, dword ptr fs:[00000030h]4_2_01664690
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A096E mov eax, dword ptr fs:[00000030h]4_2_016A096E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A096E mov edx, dword ptr fs:[00000030h]4_2_016A096E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016A096E mov eax, dword ptr fs:[00000030h]4_2_016A096E
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01704978 mov eax, dword ptr fs:[00000030h]4_2_01704978
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01704978 mov eax, dword ptr fs:[00000030h]4_2_01704978
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01686962 mov eax, dword ptr fs:[00000030h]4_2_01686962
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01686962 mov eax, dword ptr fs:[00000030h]4_2_01686962
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_01686962 mov eax, dword ptr fs:[00000030h]4_2_01686962
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016EC97C mov eax, dword ptr fs:[00000030h]4_2_016EC97C
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E0946 mov eax, dword ptr fs:[00000030h]4_2_016E0946
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016E892A mov eax, dword ptr fs:[00000030h]4_2_016E892A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exeCode function: 4_2_016F892B mov eax, dword ptr fs:[00000030h]4_2_016F892B
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Process token adjusted: Debug
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Memory written: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Queries volume information: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe VolumeInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match, File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | TNT Original Documents AWB 8013580.bat.exe | 33% | Virustotal | | Browse |
            | TNT Original Documents AWB 8013580.bat.exe | 100% | Avira | HEUR/AGEN.1309294 | |
            | TNT Original Documents AWB 8013580.bat.exe | 100% | Joe Sandbox ML | | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | http://tempuri.org/DataSet1.xsd | 0% | Virustotal | | Browse |
            No contacted domains info
            | Name | Source | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|---|
            | http://tempuri.org/DataSet1.xsd | TNT Original Documents AWB 8013580.bat.exe | false | | unknown |
            No contacted IP infos
            Joe Sandbox version: 41.0.0 Charoite
            Analysis ID: 1533040
            Start date and time: 2024-10-14 11:04:10 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 6m 38s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 11
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: TNT Original Documents AWB 8013580.bat.exe
            Detection: MAL
            Classification: mal100.troj.evad.winEXE@5/1@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 42
            • Number of non-executed functions: 268
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            | Time | Type | Description |
            |---|---|---|
            | 05:05:10 | API Interceptor | 5x Sleep call for process: TNT Original Documents AWB 8013580.bat.exe modified |
            No context
            No context
            No context
            No context
            No context
            Process: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe
            File Type: ASCII text, with CRLF line terminators
            Category: dropped
            Size (bytes): 1216
            Entropy (8bit): 5.34331486778365
            Encrypted: false
            SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5: 1330C80CAAC9A0FB172F202485E9B1E8
            SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious: true
            Reputation: high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.76318526119268
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:TNT Original Documents AWB 8013580.bat.exe
            File size:777'728 bytes
            MD5:4547d92046a773ade182813b8dab2808
            SHA1:c93a0f354cfc5d4ede8ac6598fbfd48270344367
            SHA256:86564d4471500d3932d0afddc8a0a524982e6b7f3a70630d47e214d31bd166e5
            SHA512:abf3f8c1e29a43be0cf0871c062b0f4440fc1517207f0584463ecf36535e26b48657d5eebf9164a3ff4881c06291d6c9b756b7dce9b9345a40a15ecfc31c7be5
            SSDEEP:12288:Ycir1S2IoOAc6/5rZGmy4qA5Zno/HK5sMg1xMqU4pCD9fY73eL6rmYEJJAkqdR/P:pA59ovKzgrzc673eLvJDq3/8VC4IcSiu
            TLSH:E3F4F1507629AC23C1BA4FF20520E67503B76E9D7811F3CA8DE9BCAB74F7B806645643
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.............J.... ........@.. .......................@............@................................
            Icon Hash:00928e8e8686b000
            Entrypoint:0x4bf54a
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x86F70E0E [Wed Oct 2 14:45:34 2041 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbf4f8 | 0x4f | .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x3c0 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc2000 | 0xc | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbf4dc | 0x1c | .text
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x2000 | 0xbd550 | 0xbd600 | 5ac201314930a0efb771a92edcfb0cf7 | False | 0.8848120358910891 | data | 7.7700013936624215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc | 0xc0000 | 0x3c0 | 0x400 | 4a6eb41e745cee3a69566333504384bd | False | 0.37109375 | data | 3.052288452591553 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc | 0xc2000 | 0xc | 0x200 | c423c5cc7b79c33a90ad3f587e44ebc9 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
            RT_VERSION | 0xc0058 | 0x364 | data | | | 0.4009216589861751
            DLL | Import
            mscoree.dll | _CorExeMain
            No network behavior found

            Target ID:0
            Start time:05:05:10
            Start date:14/10/2024
            Path:C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Imagebase:0x2b0000
            File size:777'728 bytes
            MD5 hash:4547D92046A773ADE182813B8DAB2808
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:3
            Start time:05:05:12
            Start date:14/10/2024
            Path:C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Imagebase:0x70000
            File size:777'728 bytes
            MD5 hash:4547D92046A773ADE182813B8DAB2808
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:4
            Start time:05:05:12
            Start date:14/10/2024
            Path:C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
            Imagebase:0xb00000
            File size:777'728 bytes
            MD5 hash:4547D92046A773ADE182813B8DAB2808
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            Reputation:low
            Has exited:true

              Execution Graph

              Execution Coverage:11%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:0%
              Total number of Nodes:299
              Total number of Limit Nodes:21

              Control-flow Graph

              • Executed
              • Not Executed
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1417405850.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6f80000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: :$~
              • API String ID: 0-2431124681
              • Opcode ID: 6c43c3e4003ee1bdea3cbf4d3a75c5ebd43ba94f606144e941b46c4d8b6909e2
              • Instruction ID: 79e085549e2c4056721a05da9a7bf1ef578475ebd222a7b3088254e7fd9e5375
              • Opcode Fuzzy Hash: 6c43c3e4003ee1bdea3cbf4d3a75c5ebd43ba94f606144e941b46c4d8b6909e2
              • Instruction Fuzzy Hash: 4D32E175E00218DFDB55DFA9C880B98BBB2FF49300F1580E9E509AB266DB31AD91DF50
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a734902edcd9b8912aa07e65043d6c72037f966dbb89a0ab6f782451b019c57
              • Instruction ID: 240037ca6a41ab1c112cafe546d0a62af9d63ba33564b7cf28b39e14527ec661
              • Opcode Fuzzy Hash: 2a734902edcd9b8912aa07e65043d6c72037f966dbb89a0ab6f782451b019c57
              • Instruction Fuzzy Hash: 0D32DCB0B012449FEB15DB79C590BAEB7FAAF89300F244569E146DB3A1CB35EC01CB51

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07033C56
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 6c287c06e8c64b3eaa0f54a745e742d9022561afbd5ebedebb4f7d54c63ff90d
              • Instruction ID: b7116d343ba26f1c56dbc612449b14f86ebf4cc2da80970d65e495b971cddc13
              • Opcode Fuzzy Hash: 6c287c06e8c64b3eaa0f54a745e742d9022561afbd5ebedebb4f7d54c63ff90d
              • Instruction Fuzzy Hash: D5A16AB1D0075A9FEB10CF69C8817EEFBF6AF48310F1486A9D818A7240DB749985CF91

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07033C56
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 0c0cae579ee0c22ecf8dc0b2bac5948198f418f809083cdb2e3c030917629103
              • Instruction ID: d1714094a12e5711ea997e81256fd01ae9814b0751df05acf35f6ef2c298d0ad
              • Opcode Fuzzy Hash: 0c0cae579ee0c22ecf8dc0b2bac5948198f418f809083cdb2e3c030917629103
              • Instruction Fuzzy Hash: AE914AB1D007599FEB10CF69C8817DEFBF6AF48310F148669D819A7240DB749985CF91

              Control-flow Graph

              • Executed
              • Not Executed
              Memory Dump Source
              • Source File: 00000000.00000002.1412877540.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_9e0000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 3bb4cc7e09908e576a821d59f019cbabf63dc0452977d11b99fb578495355579
              • Instruction ID: 44c48393872f60a59b7c6176617ff6cfa365208d79be630f985ddbb0d25b7d25
              • Opcode Fuzzy Hash: 3bb4cc7e09908e576a821d59f019cbabf63dc0452977d11b99fb578495355579
              • Instruction Fuzzy Hash: 33713270A00B458FEB25DF2AD04175BBBF5FF88300F108A2DE49A97A50EB75E945CB90

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed; API call shown in graph: DuplicateHandle)
              Memory Dump Source
              • Source File: 00000000.00000002.1412877540.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_9e0000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a29fc3087d11b0e7e936e92fe2e20141bb3d0ff5ddf6f5a6a2a9f325ea1af56
              • Instruction ID: 170b4b0219cd69d469c59e9b58455b295d8f44a1cdca8f998bc081e37d08be8a
              • Opcode Fuzzy Hash: 0a29fc3087d11b0e7e936e92fe2e20141bb3d0ff5ddf6f5a6a2a9f325ea1af56
              • Instruction Fuzzy Hash: F551EB709017889FEB12CF6AC44179EBBF1FF49304F24985AE184AB211D3B5E906CBA1

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 009E59A9
              Memory Dump Source
              • Source File: 00000000.00000002.1412877540.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_9e0000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 98dd1a826fe5acad577319714dbb2c19c4b37530b5978c190c40aaf34d929966
              • Instruction ID: e7991f8fcb279703afc99a58227dc8a927737e2cd5d443c8536757e85f0c3be4
              • Opcode Fuzzy Hash: 98dd1a826fe5acad577319714dbb2c19c4b37530b5978c190c40aaf34d929966
              • Instruction Fuzzy Hash: 3541D2B0C00759CFEB25DFAAC8847CEBBB5BF89304F20816AD408AB251DB75A945CF50

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 009E59A9
              Memory Dump Source
              • Source File: 00000000.00000002.1412877540.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_9e0000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 8434c0100f7dd8e446ec713f6ae2598b1011ab964d5ab09ff92621214598442d
              • Instruction ID: 4ee9bb400012a34a7b513c891f53dcd5f5418adc9ed52b4717f8f09862f2bd0c
              • Opcode Fuzzy Hash: 8434c0100f7dd8e446ec713f6ae2598b1011ab964d5ab09ff92621214598442d
              • Instruction Fuzzy Hash: 5241C270C0075DCBEB25DFAAC8847DEBBB5BF49704F20816AD408AB251DB756945CF90

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07033828
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 0436269bfc316304589887779502c9e6a1b0ea5318b82d49d66d3d6da2bec9a8
              • Instruction ID: 4492523d950aee472d3adbd0a9903d79a2cf299f33f1a326ea2cd763b03ce424
              • Opcode Fuzzy Hash: 0436269bfc316304589887779502c9e6a1b0ea5318b82d49d66d3d6da2bec9a8
              • Instruction Fuzzy Hash: 583137B69003499FDB10CFAAD885BDEBBF5FF49310F148429E958A7241D778A944CBA0

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07033828
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: c99553866e826fa46e49e94dbc3f899ac6ffda419ba382963b96497b4b1d5082
              • Instruction ID: 4bc8c8aad701cd070d928355acee35aea4b10955eca6c01352eb695253000e0f
              • Opcode Fuzzy Hash: c99553866e826fa46e49e94dbc3f899ac6ffda419ba382963b96497b4b1d5082
              • Instruction Fuzzy Hash: 1F2139B69003499FDB10CFAAC885BDEBBF5FF48310F14842AE918A7340D7799944CBA0

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07033908
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 138c1e5b6db801ef7c2b3d13f4b61545d2c0cf46916689df806cdd3608fbfd71
              • Instruction ID: a200da4e83af2dfa484fae9024226cde821dd2fb5bfca465e34b52b0edc7053d
              • Opcode Fuzzy Hash: 138c1e5b6db801ef7c2b3d13f4b61545d2c0cf46916689df806cdd3608fbfd71
              • Instruction Fuzzy Hash: 412124B29002499FDB10CFAAC881BEEBBF5FF48310F14842AE558A7240C7799544CBA1

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07033246
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 3fd86294c42fdefc2ff6c1ea63202725d24af815e503cc1edf5508ef252dd82c
              • Instruction ID: 8bde7045b9958c2413a3364b22a1dd7c31f2d4d88ed462ec841a98cc8824cdc3
              • Opcode Fuzzy Hash: 3fd86294c42fdefc2ff6c1ea63202725d24af815e503cc1edf5508ef252dd82c
              • Instruction Fuzzy Hash: 09213AB2D003099FDB10DFAAC485BEEFBF4EF49210F148429D559A7240D7799545CFA1

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,009ED8AE,?,?,?,?,?), ref: 009ED96F
              Memory Dump Source
              • Source File: 00000000.00000002.1412877540.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_9e0000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: aa9ee8496dc0b7ed98dbc870e7e0f2ac5f8a5ff1a81e0bda55064055fddafc4f
              • Instruction ID: 427bf57e89f12d5e008835c0ebb57b36519ae00c252e16de3112e7b6ccad863e
              • Opcode Fuzzy Hash: aa9ee8496dc0b7ed98dbc870e7e0f2ac5f8a5ff1a81e0bda55064055fddafc4f
              • Instruction Fuzzy Hash: FE2116B59013489FDB10CF9AD884ADEFBF8EB48310F14801AE914A3350D374A944CFA0

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07033246
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 6aace79097e84b0a48255d63319b7bdb1ca256bf41da06d3e98ee7b962bc910d
              • Instruction ID: c0e7acd67d0537ef636f63a4f8eb3313b48bc089e97cd225f00d69c82f40e06d
              • Opcode Fuzzy Hash: 6aace79097e84b0a48255d63319b7bdb1ca256bf41da06d3e98ee7b962bc910d
              • Instruction Fuzzy Hash: 0E2127B1D003099FEB10DFAAC485BEEFBF4EF49210F14842AD559A7240D7799A44CFA1

              Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07033908
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: babb35e5346832e88030a32e0d99ec2a4b51ec5de1cf5888d93e3b6612f086bd
              • Instruction ID: d2281d89b23229300f2873df9a9844d522eee73bb2ad95d87d50519b699e5ba9
              • Opcode Fuzzy Hash: babb35e5346832e88030a32e0d99ec2a4b51ec5de1cf5888d93e3b6612f086bd
              • Instruction Fuzzy Hash: 722114B18003499FDB10CFAAC884BEEFBF5FF48310F14842AE558A7250C7799944CBA0
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07033746
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 95c61439a974713958089c13a3233a4a783416b93a8d4e692de561cc762e2d28
              • Instruction ID: caa21e599f7088f2fa9c81698cdd755a72638ec326b6f51da30a55c1322759af
              • Opcode Fuzzy Hash: 95c61439a974713958089c13a3233a4a783416b93a8d4e692de561cc762e2d28
              • Instruction Fuzzy Hash: 682167B29002499FDB20DFAAC884BDEFBF5EF49310F148419E515A7640C77AA544CBA0
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07033746
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 638077a4e68d2b155030932915ef9e18aecb1d385277866a4f6e89109ca38c1b
              • Instruction ID: 2ddda62529c918770fa5e9ffbc16a4252f74b95aefd57d51d0218123e9099857
              • Opcode Fuzzy Hash: 638077a4e68d2b155030932915ef9e18aecb1d385277866a4f6e89109ca38c1b
              • Instruction Fuzzy Hash: F51126B69002499FDB10DFAAC844BDEBBF9EF49310F148419E519A7250C776A544CBA0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 6ed078e97aaa91f44ee10bdfbe4dcae537eedda5dda4ba6f8b8aee207e4861db
              • Instruction ID: d307157a65d4c411f36c9f25b79273c60fb06f53751172ffbb8f4c4407c2ccba
              • Opcode Fuzzy Hash: 6ed078e97aaa91f44ee10bdfbe4dcae537eedda5dda4ba6f8b8aee207e4861db
              • Instruction Fuzzy Hash: 271158B19003498BDB10DFAAC8457DEFBF9EB48214F248419D459A7740C779A944CBA5
              APIs
              • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,009EB424), ref: 009EB65E
              Memory Dump Source
              • Source File: 00000000.00000002.1412877540.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_9e0000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 1d4cd0cb232edf0d7938149fb6877e41742e3cd7bf2524d6fad42cafed1f0aab
              • Instruction ID: 96bc314a612512f2a0c289f7c3740c95bc4cb9003af67c3d199e0e6a5fe92738
              • Opcode Fuzzy Hash: 1d4cd0cb232edf0d7938149fb6877e41742e3cd7bf2524d6fad42cafed1f0aab
              • Instruction Fuzzy Hash: BC11F0B68007498BDB20DF9AC444B9EFBF8EB48724F10856AD819A7610D379A945CFA1
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 0e0d6442ffaa07698c7b045762c6f2d4970d19eac51e33ef7f4621d68767e0b4
              • Instruction ID: c8499d9b2fb321bf8951fd5348925fd8bf2319e97363a07287a7d2942400afc6
              • Opcode Fuzzy Hash: 0e0d6442ffaa07698c7b045762c6f2d4970d19eac51e33ef7f4621d68767e0b4
              • Instruction Fuzzy Hash: 1C113AB1D003498FDB10DFAAC4457DEFBF9EF48210F148419D519A7740C779A544CBA4
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 07036145
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 7a6a31bc3cd8e6bd256f641fb101d22f9a2d0bac2f5ec7b6de31878c052e1c5f
              • Instruction ID: 2d67f6e94e1351da06bc6ef878e14d2250c3c8792228e1a25dcd3e1d478e2cc5
              • Opcode Fuzzy Hash: 7a6a31bc3cd8e6bd256f641fb101d22f9a2d0bac2f5ec7b6de31878c052e1c5f
              • Instruction Fuzzy Hash: 3111F2B58002499FDB10CF9AD885BDEFBF8EB48320F14841AE558A7740C375A944CFA1
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 07036145
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: cc2a14a5f11ef697978a5caaa71ed7d47e1aff5de8ee8ec8a6c5bd171c579aae
              • Instruction ID: 1ea3b494be354d759c6e81726f4a66cf7c00770502689d4b8405465c74173072
              • Opcode Fuzzy Hash: cc2a14a5f11ef697978a5caaa71ed7d47e1aff5de8ee8ec8a6c5bd171c579aae
              • Instruction Fuzzy Hash: C511E2B58003499FDB10CF9AC889BDEFBF8EB48320F14841AE558A7740C375A944CFA1
              APIs
              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06F81F59,?,?), ref: 06F82100
              Memory Dump Source
              • Source File: 00000000.00000002.1417405850.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6f80000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: d446eab4df3ce7454b2c90cd37c38bfcd6e1657d4fae2a4f0f442528e86c3e20
              • Instruction ID: 931271a358402c5fe3d7f4c395e93a98b6d9dca94000e04937f3fb11912911aa
              • Opcode Fuzzy Hash: d446eab4df3ce7454b2c90cd37c38bfcd6e1657d4fae2a4f0f442528e86c3e20
              • Instruction Fuzzy Hash: 472179B1900249CFDB10DF9AC885BEEBBF4FF48320F208459D558AB640D739A949CFA5
              APIs
              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06F81F59,?,?), ref: 06F82100
              Memory Dump Source
              • Source File: 00000000.00000002.1417405850.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6f80000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: 37dfef69c84be9852a866e605176d20d397060e9c626a3f5e91743db8c72099f
              • Instruction ID: f35294ea52b521916133b7849b65113e25834b0fadec328a2fefb085c792baf9
              • Opcode Fuzzy Hash: 37dfef69c84be9852a866e605176d20d397060e9c626a3f5e91743db8c72099f
              • Instruction Fuzzy Hash: F91136B6800749CFDB20DF9AC445BDEBBF4EB48320F24846AD558A7740D379AA44CFA5
              • Opcode Fuzzy Hash: 92aa5fecbeb8493a5eb3d96465b34730ef33d39ffa8a85db4f74eb72ab3192f3
              • Instruction Fuzzy Hash: 6D512AB4E002198FDB14DFA9D5805EEFBF6BF89301F24826AD418A7316D7359942CFA1
              Memory Dump Source
              • Source File: 00000000.00000002.1418037761.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7030000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18af5360b0c8bbce8f23f23cd0e34441e5c1e7e6f6ecdfbf54e20c4880e8cbf4
              • Instruction ID: 96562b2707af4f19dd58001ab2e7de50223c29771948220627be6a30939de273
              • Opcode Fuzzy Hash: 18af5360b0c8bbce8f23f23cd0e34441e5c1e7e6f6ecdfbf54e20c4880e8cbf4
              • Instruction Fuzzy Hash: 9F513EB0E012198FDB14CFA9D5805AEFBF6BF89300F2482AAD458A7355D7319E41CF60
              Memory Dump Source
              • Source File: 00000000.00000002.1417405850.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6f80000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b29de541959fb6b2ecaed7ab516d1f6457458394904a9eec59df0d14cc31ae8f
              • Instruction ID: 5b6f6579fc96a9c2131e06ca18e3761585ebb4d946c392d1ccaa922132dce879
              • Opcode Fuzzy Hash: b29de541959fb6b2ecaed7ab516d1f6457458394904a9eec59df0d14cc31ae8f
              • Instruction Fuzzy Hash: 86519075E056588FEB58DFAAC840B8DFBF2AF89300F14C5AAD409AB215E7305A85CF54

              Execution Graph

              Execution Coverage:0.9%
              Dynamic/Decrypted Code Coverage:4.7%
              Signature Coverage:4.7%
              Total number of Nodes:127
              Total number of Limit Nodes:12

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 35 417473-41748f 36 417497-41749c 35->36 37 417492 call 42f0a3 35->37 38 4174a2-4174b0 call 42f6a3 36->38 39 41749e-4174a1 36->39 37->36 42 4174c0-4174d1 call 42da53 38->42 43 4174b2-4174bd call 42f943 38->43 48 4174d3-4174e7 LdrLoadDll 42->48 49 4174ea-4174ed 42->49 43->42 48->49
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004174E5
              Memory Dump Source
              • Source File: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_TNT Original Documents AWB 8013580.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: 52126dae7faad31c04decbc127e23bf898b39b7fd04cf1b34f2b8976ffd50565
              • Instruction ID: d0d4f872bbfbd303d99afe2d3f76877363c48562fdc16c1b597a2a2afd1d56d4
              • Opcode Fuzzy Hash: 52126dae7faad31c04decbc127e23bf898b39b7fd04cf1b34f2b8976ffd50565
              • Instruction Fuzzy Hash: FC015EB1E0020DABDB10DAA1DC42FDEB7B89B54308F4081AAE90897241F635EB588B95

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 60 42c303-42c33c call 404763 call 42d543 NtClose
              APIs
              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C337
              Memory Dump Source
              • Source File: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_TNT Original Documents AWB 8013580.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: bd86089259d6e5875f4503909de52df89b4bed81ab109686b9406468e690c746
              • Instruction ID: 4f9f0b6843727175d19f8e88582730f826fa7f04181e02de9b26f8e5de11b647
              • Opcode Fuzzy Hash: bd86089259d6e5875f4503909de52df89b4bed81ab109686b9406468e690c746
              • Instruction Fuzzy Hash: 3FE086362502187BD620FE5ADC41FD7775DEFC5714F40841AFA08A7141CAB5B90187F5

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 75 16a2df0-16a2dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 3b97e626a0733293cde981a9be8735a3f26c1c5392f98c10887dfa62c23683ab
              • Instruction ID: e6b32c89d7ae4e8087a85503908431e7e2abacae833c8bf8fe0dd24cac09ead6
              • Opcode Fuzzy Hash: 3b97e626a0733293cde981a9be8735a3f26c1c5392f98c10887dfa62c23683ab
              • Instruction Fuzzy Hash: 3890023120140413D11175584D44747000D97D0241F95C412A4425758ED6568A92A721

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 74 16a2c70-16a2c7c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 2565ba985e4596ccd7fc466f36b5579d7ac0edba084d835f368e4c0e20f24a1f
              • Instruction ID: ed063ffb204c1edfff3e751b7b4a6484a5c05932cf07fa716bc76dc7269cb17f
              • Opcode Fuzzy Hash: 2565ba985e4596ccd7fc466f36b5579d7ac0edba084d835f368e4c0e20f24a1f
              • Instruction Fuzzy Hash: 2790023120148802D11075588C4478B000D97D0301F59C411A8425758EC69589D17721

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 76 16a35c0-16a35cc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: ea81de1c8f57653e80facde3dc2a860a3331bd513d9e83068ab91a993ec5cb35
              • Instruction ID: 653a932834fc98ebff9b6ebf94e84b83981b4a7c1f13c9b47c80cebd0f331da2
              • Opcode Fuzzy Hash: ea81de1c8f57653e80facde3dc2a860a3331bd513d9e83068ab91a993ec5cb35
              • Instruction Fuzzy Hash: C190023160550402D10075584D54747100D97D0201F65C411A4425768EC7958A916BA2

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 9 4174f3-4174fe 10 417500-41750a 9->10 11 41751b-417531 9->11 12 4174b6-4174d1 call 42da53 10->12 13 41750c-41751a 10->13 14 417533-417538 11->14 15 41757a-417585 11->15 29 4174d3-4174e7 LdrLoadDll 12->29 30 4174ea-4174ed 12->30 13->11 17 4175b3-4175bf 14->17 18 41753a-41753e 14->18 15->17 21 4175c1 17->21 22 417569-417578 17->22 19 417540 18->19 20 417579 18->20 25 417561-417564 19->25 26 417542-41755d 19->26 20->15 27 4175c3-4175d1 21->27 28 4175ef-41762e call 42f103 call 42b2e3 21->28 22->20 25->22 26->25 29->30
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004174E5
              Memory Dump Source
              • Source File: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_TNT Original Documents AWB 8013580.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: 7c517d178d7007ee99312d50ed5bccb8a3f1b725f9d2c31633041e2592002b56
              • Instruction ID: f931f9d862489e5a57b838b22117c1fa0e12fd18252a165208f0122d9ecdea77
              • Opcode Fuzzy Hash: 7c517d178d7007ee99312d50ed5bccb8a3f1b725f9d2c31633041e2592002b56
              • Instruction Fuzzy Hash: F7419D72A0C2867BCB12DB34CC91ADABF759B02258F1843DDF5988B693D2349549C395

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 55 42c673-42c6b7 call 404763 call 42d543 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,88558D00,00000007,00000000,00000004,00000000,00416CF8,000000F4), ref: 0042C6B2
              Memory Dump Source
              • Source File: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_TNT Original Documents AWB 8013580.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID:
              • API String ID: 3298025750-0
              • Opcode ID: 5b7ec1997cc7bba348007fb009d34e34bc61468facd6fd55fdfdc7a5d4fd4893
              • Instruction ID: 981bcd8a93e5c7d96da6fd6fc87b500a48271dc180729be57afcfd2d4f9e0909
              • Opcode Fuzzy Hash: 5b7ec1997cc7bba348007fb009d34e34bc61468facd6fd55fdfdc7a5d4fd4893
              • Instruction Fuzzy Hash: EDE06D712042147BD610EE59EC85FEB37ACEFC5714F004419FA08A7241C670B9118BB9

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 50 42c623-42c664 call 404763 call 42d543 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(?,0041E24E,?,?,00000000,?,0041E24E,?,?,?), ref: 0042C65F
              Memory Dump Source
              • Source File: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_TNT Original Documents AWB 8013580.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 4ee5dae06c8b689ecf407c44e84c784f67acb8431ce06ff937e2f2b9fcb55efe
              • Instruction ID: 5448fc10258d4d570953b4680de73db897307320b18f9cd148b89a2648b04ad7
              • Opcode Fuzzy Hash: 4ee5dae06c8b689ecf407c44e84c784f67acb8431ce06ff937e2f2b9fcb55efe
              • Instruction Fuzzy Hash: 05E06D752042147BDA14EE59EC41F9B33ACEFC9714F00441AF918A7241CA70B911CBB9

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 65 42c6c3-42c6ff call 404763 call 42d543 ExitProcess
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_TNT Original Documents AWB 8013580.jbxd
              Yara matches
              Similarity
              • API ID: ExitProcess
              • String ID:
              • API String ID: 621844428-0
              • Opcode ID: b3bb4f04ae8c7a95aa100a9def70feac768cf31b8f53eff9ef6e127b728b6d60
              • Instruction ID: 61fb26c05c0232af16ed1e21438b20158ecf009510f9f9efad02291a7eabb7db
              • Opcode Fuzzy Hash: b3bb4f04ae8c7a95aa100a9def70feac768cf31b8f53eff9ef6e127b728b6d60
              • Instruction Fuzzy Hash: 16E04F356046147BD520BF6AEC41F9B775DDFC5754F404459FA08A7241C7B1B90087E5

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 70 16a2c0a-16a2c0f 71 16a2c1f-16a2c26 LdrInitializeThunk 70->71 72 16a2c11-16a2c18 70->72
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: d9048ffc26340c530bb09233c6c16f71e004edd642c97e206816dade177c334f
              • Instruction ID: 717f265e36e9f8125d50d46146fabae36d6587b24a79ce60de830da662f60bb0
              • Opcode Fuzzy Hash: d9048ffc26340c530bb09233c6c16f71e004edd642c97e206816dade177c334f
              • Instruction Fuzzy Hash: 7FB09B719415C5C5DA51E7644E08717790477D0701F55C065D2030751F4738C5D1E775
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: 7b9cd9b05c62c6d7b0db021678e50fdcea96b83a5a932661feb43a0d51bdd65c
              • Instruction ID: 50468fcef389458362a8864abddbf0f06c952bc46572721c6df3d958ec596ffb
              • Opcode Fuzzy Hash: 7b9cd9b05c62c6d7b0db021678e50fdcea96b83a5a932661feb43a0d51bdd65c
              • Instruction Fuzzy Hash: 3D92AC71605342ABE721CF28CC98B6BBBEABB84754F044A1DFA95D7350D770E844CB92
              Strings
              • double initialized or corrupted critical section, xrefs: 016D5508
              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016D54E2
              • corrupted critical section, xrefs: 016D54C2
              • Address of the debug info found in the active list., xrefs: 016D54AE, 016D54FA
              • 8, xrefs: 016D52E3
              • Critical section debug info address, xrefs: 016D541F, 016D552E
              • Invalid debug info address of this critical section, xrefs: 016D54B6
              • Thread is in a state in which it cannot own a critical section, xrefs: 016D5543
              • undeleted critical section in freed memory, xrefs: 016D542B
              • Thread identifier, xrefs: 016D553A
              • Critical section address., xrefs: 016D5502
              • Critical section address, xrefs: 016D5425, 016D54BC, 016D5534
              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016D54CE
              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016D540A, 016D5496, 016D5519
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
              • API String ID: 0-2368682639
              • Opcode ID: 0b3dfdd72d242ac6d696cbfe3ae12a55c034bb3c0f439c71249e5f71643bd44e
              • Instruction ID: 0b08c4916a615d1aa65178910a116510be5c3f051a6467e8e6c38964831f9c7b
              • Opcode Fuzzy Hash: 0b3dfdd72d242ac6d696cbfe3ae12a55c034bb3c0f439c71249e5f71643bd44e
              • Instruction Fuzzy Hash: 868199B1E41358AFDB21CF99CC45BAEBBB9FB09710F104159F506BB640D3B5A941CBA0
              Strings
              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016D22E4
              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016D24C0
              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 016D2412
              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 016D2498
              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 016D2409
              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016D25EB
              • @, xrefs: 016D259B
              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 016D2602
              • RtlpResolveAssemblyStorageMapEntry, xrefs: 016D261F
              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 016D2506
              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 016D2624
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
              • API String ID: 0-4009184096
              • Opcode ID: 002daacc4221cb75d8c41b83ebd5ef413df2e3ada9cc9887e3f0a2e46ec61296
              • Instruction ID: 444f9544ec616f070546fb8a2bd44ea3943ebbe3b7498d3339913686350dea2a
              • Opcode Fuzzy Hash: 002daacc4221cb75d8c41b83ebd5ef413df2e3ada9cc9887e3f0a2e46ec61296
              • Instruction Fuzzy Hash: 8C027FB1D01269AFDF61DB54CC90BEAB7B8AF54304F4041DEEA09A7241DB309E85CF59
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
              • API String ID: 0-2515994595
              • Opcode ID: 93a1f57bf4c05d08c4b6e072ab81fda095ba846f7bad416ddb6f424496ee79b2
              • Instruction ID: bfdb15e91bf5d483ba3cd21c363523141e552440d437c235824b61ff45d1a447
              • Opcode Fuzzy Hash: 93a1f57bf4c05d08c4b6e072ab81fda095ba846f7bad416ddb6f424496ee79b2
              • Instruction Fuzzy Hash: 245190B1904305ABD726DF188C44BABBBEDEFD8350F144A6DE95983281E770D644CB92
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: 7b899b587da503fd53d679b4854c0f61175d97c242cb2c2e01916890e6a2df45
              • Instruction ID: f7275680b9ecb3630261b3ba40f0d16ffc123f783fd295a2ce416bf575690987
              • Opcode Fuzzy Hash: 7b899b587da503fd53d679b4854c0f61175d97c242cb2c2e01916890e6a2df45
              • Instruction Fuzzy Hash: 07D1C931600686DFDB22DFACC840AAEFBF2FF4A710F188459F8469B256D7749981CB14
              Strings
              • HandleTraces, xrefs: 016E8C8F
              • VerifierFlags, xrefs: 016E8C50
              • VerifierDlls, xrefs: 016E8CBD
              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 016E8A3D
              • VerifierDebug, xrefs: 016E8CA5
              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 016E8A67
              • AVRF: -*- final list of providers -*- , xrefs: 016E8B8F
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
              • API String ID: 0-3223716464
              • Opcode ID: b5efcc581e93493c3b0a6e58c67c4a27aa60c070693d9e94a85ad54cf4274966
              • Instruction ID: a90b1c772bc5831b71f16bfca53519fafe3a83f619c5229be19b94fcb80bf023
              • Opcode Fuzzy Hash: b5efcc581e93493c3b0a6e58c67c4a27aa60c070693d9e94a85ad54cf4274966
              • Instruction Fuzzy Hash: E59126B2646712EFDB21DF68CC88B1A7BEAAF55B24F04465CFA416B240D7B0AC01C795
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
              • API String ID: 0-1109411897
              • Opcode ID: 28e32bfe814b4f10ced9c1c388ab1a38bce81c59cd2dc54c7562bcb9b4523b1d
              • Instruction ID: 5a883a6d6fc4b89c0122808b56c802c0860f7ed330841583836986cbf4fba7d1
              • Opcode Fuzzy Hash: 28e32bfe814b4f10ced9c1c388ab1a38bce81c59cd2dc54c7562bcb9b4523b1d
              • Instruction Fuzzy Hash: 3CA23874A0562A8FDB64CF19CCA87A9BBB9EF45704F2442E9D90DA7350DB319E81CF40
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
              Strings
              • apphelp.dll, xrefs: 01656496
              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016B99ED
              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 016B9A01
              • minkernel\ntdll\ldrinit.c, xrefs: 016B9A11, 016B9A3A
              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 016B9A2A
              • LdrpInitShimEngine, xrefs: 016B99F4, 016B9A07, 016B9A30
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
              Strings
              • RtlGetAssemblyStorageRoot, xrefs: 016D2160, 016D219A, 016D21BA
              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 016D2178
              • SXS: %s() passed the empty activation context, xrefs: 016D2165
              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 016D219F
              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 016D2180
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016D21BF
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 016D8181, 016D81F5
              • Loading import redirection DLL: '%wZ', xrefs: 016D8170
              • LdrpInitializeImportRedirection, xrefs: 016D8177, 016D81EB
              • Unable to build import redirection Table, Status = 0x%x, xrefs: 016D81E5
              • minkernel\ntdll\ldrinit.c, xrefs: 0169C6C3
              • LdrpInitializeProcess, xrefs: 0169C6C4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
              APIs
                • Part of subcall function 016A2DF0: LdrInitializeThunk.NTDLL ref: 016A2DFA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016A0BA3
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016A0BB6
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016A0D60
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016A0D74
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
              • String ID:
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              Strings
              • @, xrefs: 01698591
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0169855E
              • minkernel\ntdll\ldrinit.c, xrefs: 01698421
              • LdrpInitializeProcess, xrefs: 01698422
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              Strings
              • .Local, xrefs: 016928D8
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016D22B6
              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016D21D9, 016D22B1
              • SXS: %s() passed the empty activation context, xrefs: 016D21DE
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
              Strings
              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 016D342A
              • RtlDeactivateActivationContext, xrefs: 016D3425, 016D3432, 016D3451
              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 016D3437
              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 016D3456
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
              Strings
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 016C1028
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016C10AE
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 016C0FE5
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 016C106B
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              Strings
              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 016CA992
              • apphelp.dll, xrefs: 01682462
              • LdrpDynamicShimModule, xrefs: 016CA998
              • minkernel\ntdll\ldrinit.c, xrefs: 016CA9A2
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
              Strings
              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0167327D
              • HEAP[%wZ]: , xrefs: 01673255
              • HEAP: , xrefs: 01673264
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: $@
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              Strings
              • Failed to allocated memory for shimmed module list, xrefs: 016CA10F
              • LdrpCheckModule, xrefs: 016CA117
              • minkernel\ntdll\ldrinit.c, xrefs: 016CA121
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
              Strings
              • Failed to reallocate the system dirs string !, xrefs: 016D82D7
              • LdrpInitializePerUserWindowsDirectory, xrefs: 016D82DE
              • minkernel\ntdll\ldrinit.c, xrefs: 016D82E8
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
              Strings
              • PreferredUILanguages, xrefs: 0171C212
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0171C1C5
              • @, xrefs: 0171C1F1
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 016E4899
              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 016E4888
              • LdrpCheckRedirection, xrefs: 016E488F
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
              Strings
              • minkernel\ntdll\ldrinit.c, xrefs: 016E2104
              • LdrpInitializationFailure, xrefs: 016E20FA
              • Process initialization failed with status 0x%08lx, xrefs: 016E20F3
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              Strings
              • LdrResSearchResource Exit, xrefs: 0166AA25
              • LdrResSearchResource Enter, xrefs: 0166AA13
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: `$`
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Legacy$UEFI
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: @$MUI
              Strings
              • kLsE, xrefs: 01660540
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0166063D
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              Strings
              • RtlpResUltimateFallbackInfo Enter, xrefs: 0166A2FB
              • RtlpResUltimateFallbackInfo Exit, xrefs: 0166A309
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              • API String ID: 0-2876891731
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              • API String ID: 2994545307-4008356553
              Similarity
              • API ID:
              • String ID: MUI
              • API String ID: 0-1339004836
              Similarity
              • API ID:
              • String ID: GlobalTags
              • API String ID: 0-1106856819
              Similarity
              • API ID:
              • String ID: .mui
              • API String ID: 0-1199573805
              Similarity
              • API ID:
              • String ID: EXT-
              • API String ID: 0-1948896318
              Similarity
              • API ID:
              • String ID: BinaryHash
              • API String ID: 0-2202222882
              Similarity
              • API ID:
              • String ID: #
              • API String ID: 0-1885708031
              Similarity
              • API ID:
              • String ID: BinaryName
              • API String ID: 0-215506332
              Strings
              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 016E895E
              Similarity
              • API ID:
              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
              • API String ID: 0-702105204
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1337865f262cca625e5aca1ccc424583238eed6289478786896c04fc257e870f
              • Instruction ID: 44a13b6852253fe72df249f0ec808943a56e90349ab3d16cb58f335ac12cad6e
              • Opcode Fuzzy Hash: 1337865f262cca625e5aca1ccc424583238eed6289478786896c04fc257e870f
              • Instruction Fuzzy Hash: 2751BE72505692AFD722DE6CC844E6BFBE9EBC5750F000929BA40DB254D770ED04CBA2
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be74a39e23976021476f9d0c85511096d5dfd26a142606d54769d90a490b5423
              • Instruction ID: 047576d86b24603c56da2b10f7ee3369a4236a5785f7eedc6a1cd10651151d77
              • Opcode Fuzzy Hash: be74a39e23976021476f9d0c85511096d5dfd26a142606d54769d90a490b5423
              • Instruction Fuzzy Hash: 6951CE70900B05DFD722DF5AC884A6BFBF9BF94710F10461EE292976E0D7B0A945CB91
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6132df789c082f3193aad93b7fc459b0106ccfa37a0c58fed7c61390fc3196d4
              • Instruction ID: 5885cc8a0345de4d9634653e930fc737084a3e47fb1027504b0d73dd3f785d78
              • Opcode Fuzzy Hash: 6132df789c082f3193aad93b7fc459b0106ccfa37a0c58fed7c61390fc3196d4
              • Instruction Fuzzy Hash: B9515871600A05DFDB22EFA9CD80EAAB3BEFF14784F40042EE54697660E735E941CB51
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f53237950a6899daac3b591930d779d0c82c220ee0a68b8ce507fc971ca9fcc0
              • Instruction ID: b8eca92f0d9b02293dd01ec7e17149e49dc1e4126864e3d7c02241dc44131f79
              • Opcode Fuzzy Hash: f53237950a6899daac3b591930d779d0c82c220ee0a68b8ce507fc971ca9fcc0
              • Instruction Fuzzy Hash: 44514671608342DFD755DF29C880A6BF7E5BBC8214F44492DF68AD7290DB30E905CB56
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: 695758add3efbfec6cc99b90305de851e6047ec411ebe0e92b870a92d9f72579
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: C9516E71E0021AABDF15EF94C840BFEBBB5EF45754F14426AEA01AB340DB34D945CBA4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction ID: 8e364b6db48d7a0b65c2983344596ecf666ce7924fad64cdffe7a0d9dccf7269
              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction Fuzzy Hash: DC51EA31D01209EFDF119F94CD98BAEBBF9AF00314F114759D91167290D7329D45CBA0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb0b5c15be8532945e1cd6bc7a1c6c9fc7d4bccdec3b96d204f591bf279c1236
              • Instruction ID: 60489a8b1973a7e96aebc1c17c9200cc969abf17f4f2cdbc2f672ebf8489cd98
              • Opcode Fuzzy Hash: eb0b5c15be8532945e1cd6bc7a1c6c9fc7d4bccdec3b96d204f591bf279c1236
              • Instruction Fuzzy Hash: 844106707016219BDB29DB2DC894B3BFBDAEF90220F08865DF95587385DB36D843C692
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70500c9c97b70300fc433241c60d8aee95afaca07072f3c97baaa2f283eb6a0b
              • Instruction ID: 1a006afe2328958021d6d7f4754f7e07301a34d7e4d4da48c0df30ea003d9d63
              • Opcode Fuzzy Hash: 70500c9c97b70300fc433241c60d8aee95afaca07072f3c97baaa2f283eb6a0b
              • Instruction Fuzzy Hash: 62519F72D01216DFCB20DFA9CC989AEBBFAFF48764B508619E505A3304D772AD41CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2856caf45b9b62739d13a5de49ea987f4d4931c3e1e12dce32aaebd184472c3c
              • Instruction ID: 2b88320af0c2651e714871fe44ed49e9365666ec4002a50f3e3efe68fcd15940
              • Opcode Fuzzy Hash: 2856caf45b9b62739d13a5de49ea987f4d4931c3e1e12dce32aaebd184472c3c
              • Instruction Fuzzy Hash: 99412371B44316DBDF25EFA8DC90B6A37AAEB14768F40402CEE0A9B241DBB19801C795
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction ID: 1075f4ade96b1758db8ab0ddae91fed80df56d59f5f51e2c501a5b606c46d4e0
              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction Fuzzy Hash: 22410B71A007269FD725CF68C984A6AF7B9FF80310B05466EE95287B44EB30EE16C7D0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11f17ab6f70782e4b4dce3bbfebbfeb3bb9da5b2495619e34ab05e4417d22063
              • Instruction ID: 2027d91e36332f22f4a69fbad5ad746971fd8a3c1ae61898968982fa251ec271
              • Opcode Fuzzy Hash: 11f17ab6f70782e4b4dce3bbfebbfeb3bb9da5b2495619e34ab05e4417d22063
              • Instruction Fuzzy Hash: 9B418C36D002169BDF14DFA8C840AEEB7BDAF48710F14815AF915E7340D7359D42CBA8
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfed05c4a44409842fa2f80d13d346909cbbd896829e145f80149591379f723b
              • Instruction ID: 25c8d98634361ec39b889133096d6b304b7f1d6f2e595b04a9f12dad183f4af1
              • Opcode Fuzzy Hash: dfed05c4a44409842fa2f80d13d346909cbbd896829e145f80149591379f723b
              • Instruction Fuzzy Hash: E541B3726043019FD724EF28CC84A27B7E6FF88224F14496DE967C7711DB72E8458B55
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction ID: d11284ff21d2ff25f4d0ae2c62345190cb820414fa47c5fd5be49b76bf49218d
              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction Fuzzy Hash: 98514775E052158FCB15CF98C880AAEF7B2FF84724F2981A9D915A7351D770AE42CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0753af9f6e2722a8ad413ef3b88bf22d43c058db26f6e4a2425d20cb0cfdda8d
              • Instruction ID: 28c96ccb923aeb56be41a13cf062ad2d0d5201bde14260da67692e87601f9412
              • Opcode Fuzzy Hash: 0753af9f6e2722a8ad413ef3b88bf22d43c058db26f6e4a2425d20cb0cfdda8d
              • Instruction Fuzzy Hash: 4651F570940256DBDB258B28DC10BB8BBBAFF11314F1482ADE519973D1DB74A981CF84
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5fe5e4c61322efc5a3a000fa000ba1039ebd35cd4810c94f299a9102752e25e
              • Instruction ID: 4549681d14e82644f36af1b01c80e9a6606fdfbf1bc1e855cc9cad0ab6c517df
              • Opcode Fuzzy Hash: a5fe5e4c61322efc5a3a000fa000ba1039ebd35cd4810c94f299a9102752e25e
              • Instruction Fuzzy Hash: B4418E36A402289BDB21DF68CD80BEA77B9EF45740F4100A9E908AB341DB749E81CF95
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1f5eb3b565b11fd2b07a87b1f813b9f86e9ec6eb89cd7e490045ad69801116ca
              • Instruction ID: 8a801cb22ecfb5e746d65a72f440f5359c9d0b0ae96b259036477da3c9846b96
              • Opcode Fuzzy Hash: 1f5eb3b565b11fd2b07a87b1f813b9f86e9ec6eb89cd7e490045ad69801116ca
              • Instruction Fuzzy Hash: 5541E5756403249FEB22DF28CC80FAAB7AEEB55714F0044AAF94597381DBB4ED80CB55
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction ID: 6f796e8766b951357e58af8a6bd29d8828f92182b001b103b3b2ba830fc04fe1
              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction Fuzzy Hash: 3541A475B10225ABDB15DF99CC84AAFFBFAAF88700F144069E904A7346DB71DE02C761
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b239d8210f6be55fe1a812ee11165ce4f4e8aaf3e54fe9370950996188d6a67c
              • Instruction ID: 2adddd717d26841d37c10b64600b363753ad9bcab7c802957101e80a82677b2c
              • Opcode Fuzzy Hash: b239d8210f6be55fe1a812ee11165ce4f4e8aaf3e54fe9370950996188d6a67c
              • Instruction Fuzzy Hash: 1941BDB16007029FE725CF28CC90A22B7FAFF48314B149A7EE55786A51E730E846CB94
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 510f0a96eb2d1964ce729f2b1eff1c383b64625b40605a646c3894d2c71bfbde
              • Instruction ID: ccec1097228af48b9139f0aa12714f94008a274b9e65d6990a8641bb840c32cd
              • Opcode Fuzzy Hash: 510f0a96eb2d1964ce729f2b1eff1c383b64625b40605a646c3894d2c71bfbde
              • Instruction Fuzzy Hash: 9741DF31940204CFDB21EFACDC94BAD7BB1FB44320F08425AD812A7385EB709981CBA5
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6502e4c267aaed1e3724336446f3d4004aecd4e91f67fb0ff1821947bf06ccb4
              • Instruction ID: ae5665a3801f13d611cc750ce9690dc77c66eb8777fb61495d151023de3ffd67
              • Opcode Fuzzy Hash: 6502e4c267aaed1e3724336446f3d4004aecd4e91f67fb0ff1821947bf06ccb4
              • Instruction Fuzzy Hash: 6341C572901306CBD724DF6CDC40A6ABBBEFF94714F19812DD9025B399D7759842CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50aeb32c2ca8917608f649bf8f5871f81d1db8f5da3a393e4afbecf272ef02e9
              • Instruction ID: 33d2cf8df39055027e1963ead1f1a9c7d999ff6e1a9f1712ea6989801bb63f0d
              • Opcode Fuzzy Hash: 50aeb32c2ca8917608f649bf8f5871f81d1db8f5da3a393e4afbecf272ef02e9
              • Instruction Fuzzy Hash: 4A413A315083469EE312DF69CC80A6BB7E9EF88B54F40092EF984D7250E731DE458B97
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: 3d383c509a30c090a9ab7c612b1ddb3c9bbd35b0029f1305e5b66a219cc0170b
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: 65413931A00211EBDB21DEAD8C907FABBA6EB50768F15816AED458B341D7328DC1CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc82851b834cd7fa523780b47ac72741aaf94636baf90c38c9a4ac7469edebda
              • Instruction ID: 078284e417841ebcc9f7c13359c371a7d8f8e96247bed1035f4c5e1079ea6913
              • Opcode Fuzzy Hash: dc82851b834cd7fa523780b47ac72741aaf94636baf90c38c9a4ac7469edebda
              • Instruction Fuzzy Hash: 7D416771640601EFD321CF18C840B6ABBE9FF58354F208A6EE8498B352E771E942CB94
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction ID: 82c02a5361e021947bef9d05c07b1478cb81011cef92224e910f9168b92c070b
              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction Fuzzy Hash: 18413675A00605EFDB24CF98C990AAABBFDFF18710B10496DE556DB690D330EA45CF90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e43a1c994623e105025967e8b7e35bfd472d7d0be5574dc063d2c8f4deda869
              • Instruction ID: 527ed957299d5831c80afb194bf8d6899e1ee2a8daa88c164aa631521b6f8905
              • Opcode Fuzzy Hash: 1e43a1c994623e105025967e8b7e35bfd472d7d0be5574dc063d2c8f4deda869
              • Instruction Fuzzy Hash: 0E41B1B0501701DFCB21EF28DD50A65BBBAFF54324F1082ADD4069B7A1DB70A981CB51
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8bdbeea1f35ff51c91f8095e49a63095f3e3c5590930d18644335764221d225
              • Instruction ID: aa4b69214bc19f8e1485f248c840d0e312f02f4a7b2edfb9a569398a3ab0c602
              • Opcode Fuzzy Hash: b8bdbeea1f35ff51c91f8095e49a63095f3e3c5590930d18644335764221d225
              • Instruction Fuzzy Hash: 0031A9B1A01345DFDB12CFA8C840B98BBF4EB48724F2081AED109EB351D3329902CB94
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0bac6fc2bec719a9a30491e827ba3ec0dcb0442fcbc064b225101dd0c4dba893
              • Instruction ID: 378dad6d50add666494638797282ac92476a25ade176f2530e2b3133fd8d77f9
              • Opcode Fuzzy Hash: 0bac6fc2bec719a9a30491e827ba3ec0dcb0442fcbc064b225101dd0c4dba893
              • Instruction Fuzzy Hash: 8441A0716043059BD720DF28CC45B9BFBE8FF88624F004A2EF998D7250D7709945CB92
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53fbcdc9aeec32303311132776a2fb8010496e431c1448a3beac5cada31b97ee
              • Instruction ID: 0882e6d1664612f28884258b65a832ee76e74e37a5494ba3d4e96a1919a0651b
              • Opcode Fuzzy Hash: 53fbcdc9aeec32303311132776a2fb8010496e431c1448a3beac5cada31b97ee
              • Instruction Fuzzy Hash: DC41D1726056529BC320DF28CC44B6AB7EABFC8700F240A1DF95597780E770E905CBAA
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0431228f87901a1321eba2f97e6e6483ee6ac1d9f2af8b958cfdf7e2369e2073
              • Instruction ID: b9f7d355986276a6d4e247ef79f533b285df73b8defb24952d05465e9634c07d
              • Opcode Fuzzy Hash: 0431228f87901a1321eba2f97e6e6483ee6ac1d9f2af8b958cfdf7e2369e2073
              • Instruction Fuzzy Hash: 0741A0702443028BD725DF28DC94B2ABBEEEF80764F14462DEA558B391DB70D951CB91
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction ID: a2bfa54f0c9cff04f88bf54a1314b46d242368bcef88ac09352cfbf6b6616045
              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction Fuzzy Hash: 6E312431A04245AFDB22CB6CCC80BABBFE9EF15360F0445AAF815D7352D7749885CBA4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12f9a6d1d267a737f46c941706dc5885a1291232ae7c28bd009a6a8bc809170b
              • Instruction ID: 3ed5f93a41d6e895110b666aa24a42c68a595bd280cf7657c22b775c2af5e57d
              • Opcode Fuzzy Hash: 12f9a6d1d267a737f46c941706dc5885a1291232ae7c28bd009a6a8bc809170b
              • Instruction Fuzzy Hash: 6031A671740706EBD723AF658C41F6FB6E9AB58B54F110468F600AB3D1DAA4DC00D7A4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff4a954c478cbf427bc5aa9cbcad6c568b339d8c875494196cea82e18f6e759b
              • Instruction ID: a788d32d6153a4be8647895bcff4ce856df71abded8750ad7f02e53725785590
              • Opcode Fuzzy Hash: ff4a954c478cbf427bc5aa9cbcad6c568b339d8c875494196cea82e18f6e759b
              • Instruction Fuzzy Hash: FE318D326053018FD731DF1DD880E26B7E6FB84760F5A846EE99A8B259D730A841CB95
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b10bd6590fec19886aff14b661099090b513c0b8f37d94ed8221aec121276144
              • Instruction ID: 2a03eb001dbcc0f429cd9e1b4dec1f3b38aeac6a60aa046afc47ca687456bbb1
              • Opcode Fuzzy Hash: b10bd6590fec19886aff14b661099090b513c0b8f37d94ed8221aec121276144
              • Instruction Fuzzy Hash: B041AE35200B45DFD722CF29CD81BE6BBEAEB49714F00842DE65A8B350DB74E804CBA4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f0b0ceb48cee64466e177c726c96141ba6386e17b4336dd70c7b4347cb52c06
              • Instruction ID: 472de6ca1071d511a8d72a93a89a9bcd491d49efa99030ef5660695f23be0b48
              • Opcode Fuzzy Hash: 6f0b0ceb48cee64466e177c726c96141ba6386e17b4336dd70c7b4347cb52c06
              • Instruction Fuzzy Hash: F83189716043029FD720DF2CC891A2AB7E5FB84720F05896DF95A9B299E730EC04CB91
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73521bf51f62d7a354c9b32b80294df33a2d27a54d9ec5ef48eadd034c56e5a8
              • Instruction ID: 7ea989a2546fecae96160f684418d54c39e497bba761104f28d3023b9e24e8a2
              • Opcode Fuzzy Hash: 73521bf51f62d7a354c9b32b80294df33a2d27a54d9ec5ef48eadd034c56e5a8
              • Instruction Fuzzy Hash: 8431C132B016829BF322975CCE48B257BD9BB40B44F1D00A8AB459F7D2DB6AE841C335
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4ec7782edea5abb088dca3b79aae5726800c49272ccf59b194e1b2170a8c7e7
              • Instruction ID: 749ff6ed789860e758991646a8d62bae871f993c6a1e364d2f175ac7db7384b9
              • Opcode Fuzzy Hash: c4ec7782edea5abb088dca3b79aae5726800c49272ccf59b194e1b2170a8c7e7
              • Instruction Fuzzy Hash: 1531B075A0026AABDB15DF98CC40BAEF7F6EB49B40F554169F900EB244D7B0ED01CBA4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a7ba577933ccfef8b2958cdbcf500b9b344745c55249de23cb9d4cb042593c0
              • Instruction ID: 4f39e0c64977f9d3dcf47cf012a0036fac8dba6d3e6ecda610ac2b82d8d99d37
              • Opcode Fuzzy Hash: 9a7ba577933ccfef8b2958cdbcf500b9b344745c55249de23cb9d4cb042593c0
              • Instruction Fuzzy Hash: 09318936A4012DABCF22DF54DD44BDEB7FAAB98310F1100E5A609A7250CA30DE51CF90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16185019c3f5e7e24ede42984a28202682a09c9686e38d1d456839a9b7e5a734
              • Instruction ID: 536efc8377e9fb0b59466f121b114a3435382b852b754454b33f9100baebbc70
              • Opcode Fuzzy Hash: 16185019c3f5e7e24ede42984a28202682a09c9686e38d1d456839a9b7e5a734
              • Instruction Fuzzy Hash: 7431F672E00215AFDB21EFA9CD40BAFBBF9EF44750F014569E516E7250D3719E008BA0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03d46ad70d07b8a1c2076fbe848afd93f84e85f3125b26f5b1882248599b4b71
              • Instruction ID: 001b8a25834be625986b5ddbd800300b13e9f8c0a49f3b55bb501fa97f90cd84
              • Opcode Fuzzy Hash: 03d46ad70d07b8a1c2076fbe848afd93f84e85f3125b26f5b1882248599b4b71
              • Instruction Fuzzy Hash: 8D318871600626EBD7229F59CC50B6EF7B6EF44754F10406EF905DB352DA70ED019790
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256914189171f441040d75425e3e7dccf86f9afa66b555044539c64367f0ae74
              • Instruction ID: 2b0e8424df4fe7ed539afedb7cd74d86d2335ff6ad5721ca0022a9f3f7159bc1
              • Opcode Fuzzy Hash: 256914189171f441040d75425e3e7dccf86f9afa66b555044539c64367f0ae74
              • Instruction Fuzzy Hash: 8A31B476A04712EBCB12DE288C80AABBBAAAF94650F02453DFD5697310DB30DC0187E5
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a5e0e1931bf5ee3dfd41784b314150b8cd7839f958c86958db675332c3f7806
              • Instruction ID: 4a136c5a7dc256f1e9c16f9e9bfdfa94aee7463c925473d0c889e73840170312
              • Opcode Fuzzy Hash: 4a5e0e1931bf5ee3dfd41784b314150b8cd7839f958c86958db675332c3f7806
              • Instruction Fuzzy Hash: F1318CB16093018FE760CF29CC40B2AFBE9FB98B00F05496EE98597351D771E944CBA1
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction ID: 0759f1f57a874b0cde86cb8a55314d239fda404c5294f774f53bfca48f8a432f
              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction Fuzzy Hash: 48312E76B00701AFDB61CF6DDD41B67BBF8AB48650F04092DA59AC7751E730E9008B64
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33fde3d835b72b62b5bb9ff89b80e47832869ef2be2db53c134ee286ea4a12b5
              • Instruction ID: 1a508c90bc693a144a2b7af55e400c5714f649985f485e4fa7a9bb3cde44d4a5
              • Opcode Fuzzy Hash: 33fde3d835b72b62b5bb9ff89b80e47832869ef2be2db53c134ee286ea4a12b5
              • Instruction Fuzzy Hash: 7E3178B1609301CFCB12DF19C55095AFBF2FF89214F4449AEE8889B291DB729984CB92
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95097661d980b12ac0816a7ca4d3b52b2233f50b56a05ec0f91efbe33db8ce56
              • Instruction ID: 9d26f7674c3c25637f0c100941bd9ac58e369204ec78339c9290becc756b6909
              • Opcode Fuzzy Hash: 95097661d980b12ac0816a7ca4d3b52b2233f50b56a05ec0f91efbe33db8ce56
              • Instruction Fuzzy Hash: E131C272B012069FD720EFA9CD81B6EBBFAEB84744F10862AD105D7654DB30E945CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction ID: 6966a5c29a332d541c39fb8a3c711f70463427f61fecf2d48eb9031bf45fb96c
              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction Fuzzy Hash: 2D21F236E0165AAADB109BB98C40BEFBBBAAF14740F0580759E55E7340E370D94187A0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d184ba7e76284dfe96f48d3c7bcbff2a00e65270d5b752d8e6f0f61d1dbfff2
              • Instruction ID: 9bba53a269fa8989ab3793a76c625c67ad7ea0ad544a5be25f60e73cdf487132
              • Opcode Fuzzy Hash: 3d184ba7e76284dfe96f48d3c7bcbff2a00e65270d5b752d8e6f0f61d1dbfff2
              • Instruction Fuzzy Hash: C63135715003118BDB21AF68CC91BF977B5EF41318F9481ADE9469F382EB7499C2CBA4
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction ID: 8c7aacf0374049624b06ef86fcc79cc11196d6b76fc8b21d9f203bcb77fbd6a4
              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction Fuzzy Hash: AF212D3A68065267CB16ABDD8C04BBAFFB5EF40710F40801EFE5587695E634DA40C760
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 636a508d96baaee66e1e8f5ef39a7e5be30f853087c618343ec4b80e4cae794f
              • Instruction ID: 3272331b2723ff1f1d5ae52ccf98eb82681430dd3e1b82a84751edbc2b4b96cb
              • Opcode Fuzzy Hash: 636a508d96baaee66e1e8f5ef39a7e5be30f853087c618343ec4b80e4cae794f
              • Instruction Fuzzy Hash: DB31C231A015289BDF31DF18CC41BEEBBBAAB15740F0100A5EA45A7290D7B5AF818F91
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction ID: c57eea66605229a082a917329c38aa1ab3b2f85f2f2c03eff4799dfd862a7a69
              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction Fuzzy Hash: FB217471A00615EBCF15CF58CE80A8EBBB9FF48714F108569EE15DB241DA71DE06CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af1bc84169b779ae6a380388a25a7b68318290ae1878615247c6ff18f2039890
              • Instruction ID: a3140d27bdf3d5dcca06bc58d2507ef01c4255dcf770137725dca7c4be78826b
              • Opcode Fuzzy Hash: af1bc84169b779ae6a380388a25a7b68318290ae1878615247c6ff18f2039890
              • Instruction Fuzzy Hash: 8D21C5725047459BCB21DF58CD40B6B77E9FB88760F004519FD549B741DB30E902CB92
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction ID: f9c464c2e5e6f41f7b7f9aae94b0a0d0ca747c0b840178033afa88ec4a723d9c
              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction Fuzzy Hash: 50317A31600605EFDB21DFA8C984F6AB7B9EF45354F1445A9E9528B391E730EE42CB50
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc14f63c11898a9aaf29cbc9fddae0f2091e0890c77ba2b6cac3557291d099b1
              • Instruction ID: 425006851ce155f13145ef21a7236cca006d2ec140cdf0cb5e3d5622545309a4
              • Opcode Fuzzy Hash: cc14f63c11898a9aaf29cbc9fddae0f2091e0890c77ba2b6cac3557291d099b1
              • Instruction Fuzzy Hash: 88318B75A00255DFCB14CF1CCC849AEBBB6FF88704B15845AF8099B391E772EA41CB94
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
              • Instruction ID: 89225058df2a8b239864981da902edcd54ee2164bf8db53f824905ec40e1edd5
              • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
              • Instruction Fuzzy Hash: 0921D6326026419BE726D72CDD24B35B7BDEF50B50F0984ACEE42977D2E764D8418261
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1fe0c45427a913699d8377d209ce6723d5c3a3be1e74eeb18d021abc7d7ce641
              • Instruction ID: ff20ba714a8f40b78f7a0c03d4c6d965aceaa6015ea8342d5032f65e2dca5c4c
              • Opcode Fuzzy Hash: 1fe0c45427a913699d8377d209ce6723d5c3a3be1e74eeb18d021abc7d7ce641
              • Instruction Fuzzy Hash: 4A218D71A01229ABCF20DF59CC81ABEB7F9FF48740B544169F941AB240D778AD42CFA5
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ac07fddec7963de6e06b54db42deca05acbe81d9f05d48527d57dedc3a2f721
              • Instruction ID: c0167aacdd5dec2a82a26d4c7d86e68d5e477f10a7a8b98b43974ba4833ee07a
              • Opcode Fuzzy Hash: 6ac07fddec7963de6e06b54db42deca05acbe81d9f05d48527d57dedc3a2f721
              • Instruction Fuzzy Hash: 3D219772A00645AFD715DBA8CD84B6AB7E8FF48740F144169F904DB7A0D774ED40CBA8
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69903dad9fba882f20cb6eee5bf4fbee52f33ce644eb80d6724620797411007a
              • Instruction ID: 8e3160dd6451608eac12d23f230ab63847247523c9170ac93a7e6284ad6a6140
              • Opcode Fuzzy Hash: 69903dad9fba882f20cb6eee5bf4fbee52f33ce644eb80d6724620797411007a
              • Instruction Fuzzy Hash: FE21F272A063469FD711EF59CD48B6BBBECEF90640F08465ABD80C7351E770C905C6A2
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6aa850b169173b17df7d733f57df125dab0889072840a125bd182c20a3dc69e7
              • Instruction ID: 4ec186213dee9a06fd22e8351625c9c9b83bd67fa351ce7e4e4b448088a1bce9
              • Opcode Fuzzy Hash: 6aa850b169173b17df7d733f57df125dab0889072840a125bd182c20a3dc69e7
              • Instruction Fuzzy Hash: 79216E727056859BE722A76C8D14B243BD5EF01B70F29036CF9209B7D2E768D801C105
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5481a57f2acdc845941b70c2a76440bed7f8cc89e90dc41d7c479fa05de4d4ad
              • Instruction ID: 0c90861941f208ae46be111d6a9698dc91b10f6c50b96f2352be14f4bf144c10
              • Opcode Fuzzy Hash: 5481a57f2acdc845941b70c2a76440bed7f8cc89e90dc41d7c479fa05de4d4ad
              • Instruction Fuzzy Hash: FC217975640A119FCB25DF69CD01B56B7F6BF48B04F24846CE50ACBB61E371E842CB98
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19b64c359dfd408993587eed6485683cca68b3634ff6d8ce6f99749d24f3bf23
              • Instruction ID: a943318f8d2f8f9cc60ae3d157afd8d6a90147af18e48d829bae62b304152d5d
              • Opcode Fuzzy Hash: 19b64c359dfd408993587eed6485683cca68b3634ff6d8ce6f99749d24f3bf23
              • Instruction Fuzzy Hash: 6211E372285A51BBE722565D9C01F67BA9E9BD4B70F210428BB08CB288EB70DC0187A5
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1be9010c5afc5dacf3a52e19a19aa434b1f77d7aa85a6f72dd6f100b93106606
              • Instruction ID: 07b1cf341d6808ebd88a047aa8bafbea65321d2d4d4ecfc965987c484f51a3ec
              • Opcode Fuzzy Hash: 1be9010c5afc5dacf3a52e19a19aa434b1f77d7aa85a6f72dd6f100b93106606
              • Instruction Fuzzy Hash: 7C21E7B1E01349ABCB10DFAAD8859AEFBF9FF98710F10022FE405A7251D7B09941CB54
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction ID: dc30110c93d543d24d44ade76d39d025aba19c2690c272e63f95467aaebba2d3
              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction Fuzzy Hash: 22216F72A0020AAFDB12DF58CC40B9EBBBAFF84311F204459FA01A7251D734D951DB50
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction ID: 4b765ff31c4c903c9d9310490c71e1a810c24932576c2498f0ea404d7edf6ae7
              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction Fuzzy Hash: 8511E2B3601615BFDB229F84CC41F9ABBBDEF80755F100469F6008B280D671ED45CB54
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1f15788735ec56e3652002efcc65bdfe677f8d9d35e29bfbbe649df022606a92
              • Instruction ID: 0d7fbe41e88c5c88949145612f3a170a1ac45e72bc33c5dd0e11dfe07d516d9d
              • Opcode Fuzzy Hash: 1f15788735ec56e3652002efcc65bdfe677f8d9d35e29bfbbe649df022606a92
              • Instruction Fuzzy Hash: 7911BF717017519BDB11CF6EC880A6ABFEDAF8A750B19806DEE089F304D7B2E9018790
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction ID: 0bc409396f24e66adcacc58d4134710f6c1a7acbcfda895bcb19c1385f5c6369
              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction Fuzzy Hash: DD218872600641DFDB31DF89C940A66FBEAEB94B10F14887DE94A8BB18C770EC01CB80
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8743ad63e4453d544caa7a2236b57d29d662b8afdf10e107574e1ecb125a23d4
              • Instruction ID: dc86b8a89099374553502185835ab04dfbb955524f4653ddb00c0f40406bdfb2
              • Opcode Fuzzy Hash: 8743ad63e4453d544caa7a2236b57d29d662b8afdf10e107574e1ecb125a23d4
              • Instruction Fuzzy Hash: 93215E75A00206DFCB14CF68C981A6EFBB9FB88319F24416DD105A7311D771AD06CB90
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d387ce0cb95956cb17be7001eeb17f609a270222cb5e962844e01c1b516136d
              • Instruction ID: 99b68046342e218d101cd7c0515756bb711d26c4ed65520c134a617b7c175b7e
              • Opcode Fuzzy Hash: 3d387ce0cb95956cb17be7001eeb17f609a270222cb5e962844e01c1b516136d
              • Instruction Fuzzy Hash: 26215E75500B01EFDB208F69CC81B76B7E9FF44250F44882DE59ACB651DB70E851CB64
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 37be281900fb22f028cf5f23ba317d75bae1f40628755ae4b040ee413af5b0b6
              • Instruction ID: 617e89552f40e47b44822eca07190d38ab08ff13ba4db088a98ba098672e0713
              • Opcode Fuzzy Hash: 37be281900fb22f028cf5f23ba317d75bae1f40628755ae4b040ee413af5b0b6
              • Instruction Fuzzy Hash: CD119E32240615FBD722DBA9CD40F9A77A9EB99B60F11406DF3159B261DA70E901C7A0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af981f6110cb33b983bbc8e086ed7f05620018d840eb87eb73280f4dbf28404c
              • Instruction ID: 3062a6f7ff16146033794d395a3fea798312dc4db874c936320e1f3e84272dd0
              • Opcode Fuzzy Hash: af981f6110cb33b983bbc8e086ed7f05620018d840eb87eb73280f4dbf28404c
              • Instruction Fuzzy Hash: 6F1148333041109BCF19DB28CC81A3BB267EFD1670B244A7CE9228B380EA719802C294
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 277141e331bfd01dbf2a4286e01823a4478c01567947ab411342a1cbacfc2e0f
              • Instruction ID: 1e179b4fee0167f4a7ebbd152b7146fe04a2037c5888fc590536f838fa2ee479
              • Opcode Fuzzy Hash: 277141e331bfd01dbf2a4286e01823a4478c01567947ab411342a1cbacfc2e0f
              • Instruction Fuzzy Hash: 2D11B876A01305EBCF25CF99D980E6ABBE9EB84610B02807EE9059B310E770DD01CBA0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction ID: 2962ca43f3c54cd26c83e47fb2d7f35b33b89c1280df755ef8a6503275a7814b
              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction Fuzzy Hash: B211C436A00925AFDB19CB58CC05B9DFBF5FF84210F058269E89597344E671AE52CB80
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction ID: ca7df1ad4efb357914fdef9b9bc709ea5dd7c266f1277936dbeeaea68843d6e3
              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction Fuzzy Hash: 9721F4B5A40B059FD3A0CF29C840B52BBF4FB48B10F10892EE98AC7B40E371E814CB94
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction ID: ee72f620a6185222c2044d618723b893b16604bfb90638d27459716e288eb544
              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction Fuzzy Hash: 2911C631612601EFE7219F48CC48B577BE6EF55754F06862CE94A9B250E732DC44D790
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3b31d3cb6a1fe54e03005b9faa4c933f21f1fdfe606d3cf88371b9838521b2b
              • Instruction ID: 42449dee23e283645a9628185002a731dd09d3175823ef9c7b97293b0c280b6e
              • Opcode Fuzzy Hash: b3b31d3cb6a1fe54e03005b9faa4c933f21f1fdfe606d3cf88371b9838521b2b
              • Instruction Fuzzy Hash: 3F0104B2605649AFE716A2AD9C58F277A9DEF44790F06006CF9008B351EA64DC01C2A1
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction Fuzzy Hash: 0DF0E53A2047519BDB1ACF19D840AE57FA8FB45360F0000A4F8428B301D735ED82CB95
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction ID: a26c93a937ece247aabf80edf027aae26755c4948881eb8dc7ff58a0ac288925
              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction Fuzzy Hash: DDE0D832244145ABDB211A598D00B6677AEDBD27A0F150429EA019B258DF78DC43C7DC
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction ID: 635ba6757799dadb7e16fcc14bf53c4dba5807abb278b20a84d96a142874948c
              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction Fuzzy Hash: 6BE0DF32A00210FBDB2297998E11F9ABEEDDB90EB0F050059B601E70D0E530DE00D690
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24c626d0277d0b8b077b73a426234610f56dc6296287f30ad781fac414b62097
              • Instruction ID: a5d78bae32029c42fc65b1e7007ecc80727f23bbaa66a8de2f83672d0b4908a5
              • Opcode Fuzzy Hash: 24c626d0277d0b8b077b73a426234610f56dc6296287f30ad781fac414b62097
              • Instruction Fuzzy Hash: 3EE092721006549BC321BB29DD51F8A779BEBA0364F01461DB11557190CB30AC10C798
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction ID: fcdb66eea10132d8a5e35bc8d45c1e196fa4f49fd688bae0b283cf946cba3251
              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction Fuzzy Hash: 01E09231051651DFE7326F2ECC48B52BAE2BF50711F148C2CA19A024B0C77598D0CA44
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction ID: 5c1f912656922c54258b4d706ca6645ba64f5f366bbbcedc772c45b1673c5ce0
              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction Fuzzy Hash: 1EE0AE343002058BE715CF29C448B627BA6BFD5A10F28C178A9488F305EB32A842CA40
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb5d748b0b7e6206a226b51a74fda7ae0c6d18732baa1768fbd5524e93834747
              • Instruction ID: 85273a5cbf768e8dd9b0c99ea02b8ce03199e0a5f8824a2453ee040e6317c1bd
              • Opcode Fuzzy Hash: fb5d748b0b7e6206a226b51a74fda7ae0c6d18732baa1768fbd5524e93834747
              • Instruction Fuzzy Hash: 81D02B32485460ABCF35F1187C04F973A5EAB50370F018C60F908D2011D568CC8192C8
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction ID: 9d2edca73eda87a3ce50e3da9a32a0c676b3731d63788be318296e3d7c7ef281
              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction Fuzzy Hash: 98E0CD31144510DFD7312F17DC10F517AA6FF94B50F10881DE4810797487705C82DF89
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ce87a6440b9dae391dd92417340dfae743de3018f3bea7b6a812808b006dbbd
              • Instruction ID: 0090d5e7b6615cfc166339fd47517f223cb18b7c110ee6e57db644e5ffa54ac4
              • Opcode Fuzzy Hash: 6ce87a6440b9dae391dd92417340dfae743de3018f3bea7b6a812808b006dbbd
              • Instruction Fuzzy Hash: A8E08C321015606BC311FA6DDD50E4A739FEBA4260F004229B15187290CA60AC00C798
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction ID: c0a4e957f40b6a9fac733948581ab1bb5a6feb1dd4241246b384629e5b597d63
              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction Fuzzy Hash: C8E08633111A188BCB28DE18D912B7277ACEF45720F09463EAA1347781C634E544C794
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
              • Instruction ID: 6521e3e87d8f15628cf626f0b6fdac2c44ebb549c0828faf8e815b6cfd332e3c
              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
              • Instruction Fuzzy Hash: 35D05E36511A50AFD7329F1BEE40C53BBF9FBC4A10705062EA54683A20C770A846DBA0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction ID: 66f375faf4e16fa43a628430d6ae35284680e7f24da2a4432b6c8d3b8210e0c6
              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction Fuzzy Hash: FFD0A932614620ABE732AA2CFC00FC333E9BB98720F060459B008C7250C360AC81CA88
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction ID: 3dc29654a60f87da7def914ffb083c270eebccfa5e0825e4eff0f13150996faa
              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction Fuzzy Hash: 51E0EC359516849FDF22DF69CA40F5ABBB9BB94B40F550058A1085F760C725A900CB80
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction ID: e40e9259857fa06535414b19c0a3737ccb1fcb2688bc0ca7f163023ae2882e6e
              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction Fuzzy Hash: 24D0223222203093DB2856A56C00F637906AB80A94F0A012C380A93A00C1048C43D2E0
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction ID: 7d55e6d070504b57a44813bae9e7949e810178fab879ba91667b6ae7f7423775
              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction Fuzzy Hash: DAD012371D054DBBDB119F66DC01F957BA9E764BA0F444020B504875A0C63AE950D584
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 146359fd2acd69210ebfbb485163a15867084204785eef9f05abdd68262cc362
              • Instruction ID: bc1ec6f75d7b9235f1eb6d48ecce376506a732cd851778784f776f4267d24c7c
              • Opcode Fuzzy Hash: 146359fd2acd69210ebfbb485163a15867084204785eef9f05abdd68262cc362
              • Instruction Fuzzy Hash: AAD0C934A56502DBEF2ADF59CE54E6E7AB9FF14741B8000ACEB0192620E329DC12DA50
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction ID: e2893ee617282cf94c5f1c387ccc0a2b8ee8152a6f7538db06b0bafe8bffe5bd
              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction Fuzzy Hash: 3ED0C936616E80CFD61BCB0CC9A4B2533A4FB45F44F814490F401CBB22E72CD940CA10
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction ID: c2f206d1ca25196c77606c11c87a4a6bb3cc8200814c34d21f6d9d568b33aaf0
              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction Fuzzy Hash: F4C08033150644AFD711DF95CD01F0177A9F798B40F000021F30447670C531FC10E644
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction ID: 07123363d9a0d18ddea9f24a8d0f01b355d99e08fad1bab8474f4b590d4f316f
              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction Fuzzy Hash: 0FD01236100249EFCB02EF41D890D9A772BFBD8710F108419FD19076108A31ED62DA50
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction ID: 714bdbc887ddf52eda31df464bc14c7b2b189067cc6730bd1734b3d3a295fda7
              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction Fuzzy Hash: 9BC0487A701A428FCF16DB2ADBD4F8977E4FB54740F151890E809CBB22E724E841DA11
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b0c18c7d226d1f2040dec8dda28fe8c58eb2d7660d523ca7a077dd7d7a9609c1
              • Instruction ID: 191cc6b8e7776320c0d8678724b5985345eded361c43f9afd4542115cab8f85e
              • Opcode Fuzzy Hash: b0c18c7d226d1f2040dec8dda28fe8c58eb2d7660d523ca7a077dd7d7a9609c1
              • Instruction Fuzzy Hash: 7D90023160580012914075584CC4587400DA7E0301B55C011E4425754DCA148A965761
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d48d71ad9fd0cd3f0a6801fc3886fc318d0973a499bb823c0fc77b8f73fc7da
              • Instruction ID: 0a0b73be35ebebe964a2a51b6e135870c53e55873ffa10042b376ec4beb8c530
              • Opcode Fuzzy Hash: 1d48d71ad9fd0cd3f0a6801fc3886fc318d0973a499bb823c0fc77b8f73fc7da
              • Instruction Fuzzy Hash: F590026160150042414075584C44447600DA7E1301395C115A4555760DC61889959769
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0156c1574b3f7fe94fafc5934f5cc5c8f8c4647d2dd0d43127403b93fe38825d
              • Instruction ID: 74bc0f7917345979d31860650070a5b5df953267463c15969f0c21ec2e117851
              • Opcode Fuzzy Hash: 0156c1574b3f7fe94fafc5934f5cc5c8f8c4647d2dd0d43127403b93fe38825d
              • Instruction Fuzzy Hash: DC90026120240003410575584C54657400E97E0201B55C021E5015790EC52589D16725
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 482b0c212efd719cbcd30a8f860c290646eb6b1675ef21f85cbb059f45890b8d
              • Instruction ID: df3fdc9e0bf3cc1755f9658a334e7b5fb85428497d2c4182eed5b74fa8d80362
              • Opcode Fuzzy Hash: 482b0c212efd719cbcd30a8f860c290646eb6b1675ef21f85cbb059f45890b8d
              • Instruction Fuzzy Hash: F690023120544842D14075584C44A87001D97D0305F55C011A4065794ED6258E95BB61
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d3f3e403ba8c3bdd3672fdb55e4c5463446a7734ef5af2ebd972ecf60b075e0
              • Instruction ID: 9c2031cb681169d85bd049618590ff071caab6f95d19832fdea16b23eafae0cf
              • Opcode Fuzzy Hash: 3d3f3e403ba8c3bdd3672fdb55e4c5463446a7734ef5af2ebd972ecf60b075e0
              • Instruction Fuzzy Hash: B490023120140802D18075584C4468B000D97D1301F95C015A4026754ECA158B997BA1
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33c190d7108d65ac66efc4a5b7e44c6d05b01c538a8c04491a59dd250823dcfb
              • Instruction ID: 791cd554f1d8e446d8dc4e363c5804dda565ef6d9eb84c4200cb387d453f9f0a
              • Opcode Fuzzy Hash: 33c190d7108d65ac66efc4a5b7e44c6d05b01c538a8c04491a59dd250823dcfb
              • Instruction Fuzzy Hash: 1890023160540802D15075584C54787000D97D0301F55C011A4025754EC7558B957BA1
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbf61998fef1d4985f3a0978531a05107084ef2a8eeaf43be3e0b09d7836c43d
              • Instruction ID: 81148fe55cf453c9160b0cbe3b69fd209a0245458517466f2c414485c3756d61
              • Opcode Fuzzy Hash: dbf61998fef1d4985f3a0978531a05107084ef2a8eeaf43be3e0b09d7836c43d
              • Instruction Fuzzy Hash: 0090023120140802D10475584C446C7000D97D0301F55C011AA025755FD66589D17731
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a7f294292383cbc47d9fca68f00c2f4e1440f3b92f12cac072b0259d75b724b
              • Instruction ID: 4842f63df9c94c3b66f37fef69c5f92e26fca23904fee8a166c2244b98311672
              • Opcode Fuzzy Hash: 8a7f294292383cbc47d9fca68f00c2f4e1440f3b92f12cac072b0259d75b724b
              • Instruction Fuzzy Hash: AC900225221400020145B9580E4454B044DA7D6351395C015F5417790DC62189A55721
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eea892ed6254d1c8107d04bd4f439a3d505b742f86f98486f509ec1dcefb52a
              • Instruction ID: 3fdda77f9d9e42f3f9cac0fa30c949088ab71301f03d20ea20c7e4812a10b257
              • Opcode Fuzzy Hash: 7eea892ed6254d1c8107d04bd4f439a3d505b742f86f98486f509ec1dcefb52a
              • Instruction Fuzzy Hash: B9900225211400030105B9580F44547004E97D5351355C021F5016750DD62189A15721
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68ae5ef7b00163304c0420c7871d79db6d0083254b5516666e08ceca137f439f
              • Instruction ID: ce5204542649283a84963d394b724d106604a2159662b27730622547e674ff01
              • Opcode Fuzzy Hash: 68ae5ef7b00163304c0420c7871d79db6d0083254b5516666e08ceca137f439f
              • Instruction Fuzzy Hash: 149002A1201540924500B6588C44B4B450D97E0201B55C016E5055760DC52589919735
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b46bec32dae5eb5f3b948e54c188a47e74e022c23a4fefd199b915f1af0cb727
              • Instruction ID: 40d4801adf1518633d8f47efbaf774e4964b52be280cd5714566a20bac6417e7
              • Opcode Fuzzy Hash: b46bec32dae5eb5f3b948e54c188a47e74e022c23a4fefd199b915f1af0cb727
              • Instruction Fuzzy Hash: DC90022130140003D14075585C58647400DE7E1301F55D011E4415754DD91589965722
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 797e059053d012e79a493628ecb07f3216f9b2b001736df570da110b6b6810ff
              • Instruction ID: 26d181c25a4b16d6df6cb3b6793fa5e9168f4beb25aefe791925b8b2e13581a9
              • Opcode Fuzzy Hash: 797e059053d012e79a493628ecb07f3216f9b2b001736df570da110b6b6810ff
              • Instruction Fuzzy Hash: A190022120544442D10079585C48A47000D97D0205F55D011A5065795EC6358991A731
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 288c93dca676cb68cf2b9bb4b8fab535c048d2705573034915d98afb6ece2751
              • Instruction ID: cfcd8039d7d2a7e9f3d63e0b98431d0b1ec75844d04ad492660b21e98ab1f546
              • Opcode Fuzzy Hash: 288c93dca676cb68cf2b9bb4b8fab535c048d2705573034915d98afb6ece2751
              • Instruction Fuzzy Hash: 8F90022921340002D18075585C4864B000D97D1202F95D415A4016758DC91589A95721
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e42061e7a9f7716183f5785bc0ac26e65889e8983a85560d3c4374676006f468
              • Instruction ID: e252c748802a25fc819805973f6303cffb2a854539846df17e4c5640e29d1aa8
              • Opcode Fuzzy Hash: e42061e7a9f7716183f5785bc0ac26e65889e8983a85560d3c4374676006f468
              • Instruction Fuzzy Hash: F0900221242441525545B5584C44547400EA7E0241795C012A5415B50DC5269996DB21
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 630a47779a34245c7fdb8328c2ed769e04f3f1bb3c30bc3050db42e99a431786
              • Instruction ID: faf33928c13aedfc22c71ebcbeb0d9e0706a977fa6cece69a5393531810ae947
              • Opcode Fuzzy Hash: 630a47779a34245c7fdb8328c2ed769e04f3f1bb3c30bc3050db42e99a431786
              • Instruction Fuzzy Hash: 7590023124140402D14175584C44647000DA7D0241F95C012A4425754FC6558B96AF61
              Memory Dump Source
              • Source File: 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp, Offset: 01630000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1630000_TNT Original Documents AWB 8013580.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              Strings
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 016D4787
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 016D4725
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 016D4655
              • ExecuteOptions, xrefs: 016D46A0
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016D46FC
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 016D4742
              • Execute=1, xrefs: 016D4713
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$[$]:%u
              • API String ID: 48624451-2819853543
              Strings
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016D02E7
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016D02BD
              • RTL: Re-Waiting, xrefs: 016D031E
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              Strings
              • RTL: Resource at %p, xrefs: 016D7B8E
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 016D7B7F
              • RTL: Re-Waiting, xrefs: 016D7BAC
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016D728C
              Strings
              • RTL: Resource at %p, xrefs: 016D72A3
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 016D7294
              • RTL: Re-Waiting, xrefs: 016D72C1
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$]:%u
              • API String ID: 48624451-3050659472
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              APIs
              • @_EH4_CallFilterFunc@8.LIBCMT ref: 016ECFBD
              Similarity
              • API ID: CallFilterFunc@8
              • String ID: @$@4_w@4_w
              • API String ID: 4062629308-713214301