Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
Analysis ID: 1544775
MD5: 2763fecbfb15082ec14ac94fa9fac1c4
SHA1: b089305b32852d595949e043a832e81569dc4f01
SHA256: d36e2205185dc5e60a4036f2f7ab73952ee57b9936ff4c7241f4f50bdd615390
Tags: exe
Infos:

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe PID: 5084 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
          No Sigma rule has matched
          No Suricata rule has matched

          AV Detection

Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, ReversingLabs: Detection: 29%
Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 4x nop then jmp 072A3287h, 0_2_072A287D
Source: Amcache.hve.6.dr, String found in binary or memory: http://upx.sf.net

          E-Banking Fraud

Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 0_2_068D0804 NtQueryInformationProcess, 0_2_068D0804
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 0_2_068D5FB0 NtQueryInformationProcess, 0_2_068D5FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_0042C433 NtClose, 3_2_0042C433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_0040A9E3 NtAllocateVirtualMemory, 3_2_0040A9E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01252DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01254340 NtSetContextThread, 3_2_01254340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01254650 NtSuspendThread, 3_2_01254650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252B60 NtClose, 3_2_01252B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252BA0 NtEnumerateValueKey, 3_2_01252BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252B80 NtQueryInformationFile, 3_2_01252B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252BE0 NtQueryValueKey, 3_2_01252BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252BF0 NtAllocateVirtualMemory, 3_2_01252BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252AB0 NtWaitForSingleObject, 3_2_01252AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252AF0 NtWriteFile, 3_2_01252AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252AD0 NtReadFile, 3_2_01252AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252D30 NtUnmapViewOfSection, 3_2_01252D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252D00 NtSetInformationFile, 3_2_01252D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252D10 NtMapViewOfSection, 3_2_01252D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252DB0 NtEnumerateKey, 3_2_01252DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252DD0 NtDelayExecution, 3_2_01252DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252C00 NtQueryInformationProcess, 3_2_01252C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252C60 NtCreateKey, 3_2_01252C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252C70 NtFreeVirtualMemory, 3_2_01252C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252CA0 NtQueryInformationToken, 3_2_01252CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252CF0 NtOpenProcess, 3_2_01252CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252CC0 NtQueryVirtualMemory, 3_2_01252CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252F30 NtCreateSection, 3_2_01252F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252F60 NtCreateProcessEx, 3_2_01252F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252FA0 NtQuerySection, 3_2_01252FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252FB0 NtResumeThread, 3_2_01252FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252F90 NtProtectVirtualMemory, 3_2_01252F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252FE0 NtCreateFile, 3_2_01252FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252E30 NtWriteVirtualMemory, 3_2_01252E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252EA0 NtAdjustPrivilegesToken, 3_2_01252EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252E80 NtReadVirtualMemory, 3_2_01252E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01252EE0 NtQueueApcThread, 3_2_01252EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01253010 NtOpenDirectoryObject, 3_2_01253010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01253090 NtSetValueKey, 3_2_01253090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_012535C0 NtCreateMutant, 3_2_012535C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_012539B0 NtGetContextThread, 3_2_012539B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01253D10 NtOpenProcessToken, 3_2_01253D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Code function: 3_2_01253D70 NtOpenThread, 3_2_01253D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 196
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000000.00000002.2088566894.0000000007510000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000000.00000002.2084560443.000000000074E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000000.00000000.2051457768.0000000000266000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameFHYu.exe6 vs SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000003.00000002.2427461865.000000000130D000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Binary or memory string: OriginalFilenameFHYu.exe6 vs SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.7510000.3.raw.unpack, oDmks4vR8QhPleVm8Q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.405fb68.1.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.405fb68.1.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.405fb68.1.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.405fb68.1.raw.unpack, oDmks4vR8QhPleVm8Q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.7510000.3.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.7510000.3.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.7510000.3.raw.unpack, JSMfPCP01IlU38EZYF.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, oDmks4vR8QhPleVm8Q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: classification engineClassification label: mal80.troj.evad.winEXE@4/6@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.log
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5968
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\d559afbe-75f6-4dd5-a391-449e7ac1fde3
          Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeReversingLabs: Detection: 29%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 196
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: apphelp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: textshaping.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeSection loaded: iconcodecservice.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, JSMfPCP01IlU38EZYF.cs.Net Code: XgslZvYgD2 System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.50c0000.2.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.7510000.3.raw.unpack, JSMfPCP01IlU38EZYF.cs.Net Code: XgslZvYgD2 System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.405fb68.1.raw.unpack, JSMfPCP01IlU38EZYF.cs.Net Code: XgslZvYgD2 System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 0_2_068D48D0 push eax; iretd 0_2_068D48D1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0041594D push 899D5642h; ret 3_2_00415952
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_00406155 push ss; retf 3_2_00406160
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_00403270 push eax; ret 3_2_00403272
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0040227F pushad ; retf 3_2_00402280
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0040BB30 push eax; ret 3_2_0040BB31
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_00415468 push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0041547D push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_004154C2 push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0041548F push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_00404DCD push ebx; iretd 3_2_00404DD8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_004066BD push edx; iretd 3_2_004066BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_00413F7E pushad ; retf 3_2_00414025
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_00413FC5 pushad ; retf 3_2_00414025
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_011E225F pushad ; ret 3_2_011E27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_011E27FA pushad ; ret 3_2_011E27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012109AD push ecx; mov dword ptr [esp], ecx3_2_012109B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_011E283D push eax; iretd 3_2_011E2858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_011E1368 push eax; iretd 3_2_011E1369
          Source: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeStatic PE information: section name: .text entropy: 7.719973822416818
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, pl5wmnDurh18BtWGIF.csHigh entropy of concatenated method names: 'S0MqtM1LF9', 'QO5qscifVY', 'josqrUkc3y', 'Y1SqLbyL6e', 'nuRqYdlA1q', 'Yh5qMwkJmR', 'Fv2qPBbHru', 'vBMq09EMVq', 'avcqFkAcun', 'pjAqUHy0p4'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, Qgd15EZ6jwyiUywbgW.csHigh entropy of concatenated method names: 'vHGxQloh3n', 'OFcxBZ9NPS', 'hcDq7XdkbE', 'i9cqybewGC', 'Om6qTYBVuT', 'Bngq5jmZ1y', 'lR8qWelu7t', 'noYqi4vDQj', 'EeEqmvewKv', 'J5aqDBdiwF'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, ATYGFD2wXtqJg3gDyf.csHigh entropy of concatenated method names: 'LV80AX6biY', 'VMW04eiUdq', 'ojJ078AyDj', 'PMM0yiToMR', 'n1P0oxucIe', 'Gdj0TqEeRs', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, juTm79ppa9p7UEap2f.csHigh entropy of concatenated method names: 'gjpGv9DENL', 'Nh9GhF6Be9', 'pJEGKLh13N', 'T3oG9GNH04', 'mjuGYeZoTQ', 'jJ7GMHO8Qm', 'mBgorSaDt42u19nCXD', 'XrgAeDTBwuYakxmpfl', 'QWvGGaqCaF', 'MvOGn4WGgr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, f3gvUVeMewlN2pseiH.csHigh entropy of concatenated method names: 'XC56rlMgeL', 'QhS6LIIqIK', 'dtJ6AMIPeK', 't2164rXe12', 'dir6yGbF8T', 'hqP6T2msfO', 'RU86WauSOg', 'pYa6iyPFHo', 'Ft66D9iW3L', 'uFo6jAo7dZ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, oDmks4vR8QhPleVm8Q.csHigh entropy of concatenated method names: 'iLrEo56NWY', 'hSSEpnAyv4', 'nphEaYsplw', 'BoOEc5xHhW', 'e5KEHFFnPW', 'zcSEk3T8Gm', 'ChkEbLpCkQ', 'e9UEgu5gQ8', 'K0ZE8wIego', 'rItEI3kDrG'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, oCZIIK1jWdZHWeVfOe.csHigh entropy of concatenated method names: 'ksPXebi5hK', 'XHfXEVR8Lq', 's3wXxt4nOq', 'lt8XvSDMWI', 'nI2XhtgcN0', 'H2FxHFmvLw', 'obuxkFZMM9', 'C4HxbAiXYG', 'f3uxghh34O', 'k19x8JV6BB'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, B8ybK2lQu8bnIYaYcH.csHigh entropy of concatenated method names: 'Dispose', 'QwFG8lebPw', 'gCKR4KUbW9', 'QVrwwgbhl0', 'prcGIXOhNr', 'R2vGz34QAb', 'ProcessDialogKey', 'r2DRCBjCrD', 'GrYRG7GjHu', 'tqqRRC9f9Y'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, iW8hxH6IQ0MXe8sU2b.csHigh entropy of concatenated method names: 'RMcZFmpZm', 'Si0tt4kZY', 'zqCsMSsrS', 'mrCBFQiaI', 'VxOLNIqDs', 'CswfjNbuD', 'k6mrEx6tHvEnDIXwIB', 'ltU0fI8AyYqHYAY44P', 'vdT0LksLh', 'aipUI52oc'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, ROVyoJz5l83Ki5qfpT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'V5UF6NEVXo', 'aWjFYPWuHH', 'CdPFMpPFg5', 'qNUFPTm8vP', 'AA8F0RaQyw', 'DoZFFCrm7H', 'RkqFUH9TVX'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, eiPtNSoXYJqgZcp3xb.csHigh entropy of concatenated method names: 'QkuPKIgZQp', 'FDAP99cr7X', 'ToString', 'GBYPScUgnV', 'LXNPEZKksW', 'gToPqUaZAs', 'b6mPxniPW7', 'iW2PXBw904', 'QtbPvB8CQj', 'S5NPhJwA3l'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, AVqZ4qQpLUUbbPyI3U.csHigh entropy of concatenated method names: 'T9HFGbsfgN', 'Ej3FnukDOD', 'WK6FlSbt9s', 'LckFSYLmJb', 'pp0FEDuq5N', 'p8nFxJXbRQ', 'ntoFXasF1u', 'eS70bQsYcX', 'nRr0gxEM6P', 'qjl08Rawe5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, Ojo3DNrBJE6UF9NA2gx.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hmbUoSPq0x', 'W3EUpQ6xbi', 's9YUaKMbyI', 'AKWUcH7WnT', 'PkyUHGiaV1', 'A0NUkwPgNE', 'TQfUbS8QsK'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, rW43cvdpLEQH9fuRpB.csHigh entropy of concatenated method names: 'IE00S2719h', 'saO0ExI1rA', 'jH40qmPsiA', 'F5n0xc2Fq9', 'Va10XtNI8B', 'Wji0vqrdsB', 'hKL0hZ7bJ8', 'jUB0ONf5vp', 'iJc0KypD1q', 'G0y09heoj5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, oJA3GDxRV5e0Rce91u.csHigh entropy of concatenated method names: 'boRv1gCoAv', 'fKwvub9NFX', 'zepvZh1r2h', 'ccbvt75jWR', 'SPwvQXg94B', 'NPRvsKADmt', 'eHOvB6rson', 'pvvvrf2CS5', 'TAavLnhGsE', 'v2YvfWmHCb'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, w2wIjVrk8L42RsXS0lW.csHigh entropy of concatenated method names: 'fPjF1BIQPq', 'UatFurl4b8', 'vpKFZlKgZ5', 'vvvFtBY16c', 'tphFQV3LxJ', 'mviFscQS4a', 'eG9FBu5U3C', 'aBjFruqJlQ', 'pwXFLSnwLg', 'AEeFfBExfc'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, lLlXWNwQf15XMbxaeI.csHigh entropy of concatenated method names: 'PjYPgZ6Cgu', 'GXwPIQ8T2u', 'Cbb0CQ05Gk', 'D6n0GucjcD', 'lmOPj18Kte', 'HMaP2Z8sKA', 'NV7P3UNfXy', 'efXPoYvh6y', 'risPphoR6t', 'ROvPai9wwc'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, kUK7OXRlFZ3xidKEtG.csHigh entropy of concatenated method names: 'O3FYDFSXFr', 'Wx5Y2LHow3', 'uOiYoLK4kg', 'cmqYpSbNKI', 'vsbY4Bmx8D', 'k5SY7Q50yQ', 'JRQYypFD7k', 'UqsYTd9V81', 'PPQY5yf4ct', 'XxWYWmtHO0'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.40e7988.0.raw.unpack, JSMfPCP01IlU38EZYF.csHigh entropy of concatenated method names: 'g3tnehuuCr', 'F4PnSKPHQo', 'hbUnETQ7Su', 'TmAnqH73gv', 'OrwnxOna4p', 'NYRnX4MgKq', 'M5Wnvr1aa5', 'ddLnhkf5tH', 'qqBnOaubGP', 'YYanKtPNxh'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe PID: 5084, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: 2370000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: 2590000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: 24C0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: 8970000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: 9970000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: 9B80000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: AB80000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: B2A0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: C2A0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Memory allocated: D2A0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Code function: 3_2_0125096E rdtsc 3_2_0125096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe API coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe TID: 6416 Thread sleep time: -922337203685477s >= -30000s
          Source: Amcache.hve.6.dr Binary or memory string: VMware
          Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin
          Source: Amcache.hve.6.dr Binary or memory string: VMware, Inc.
          Source: Amcache.hve.6.dr Binary or memory string: VMware20,1hbin@
          Source: Amcache.hve.6.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.6.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.6.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.6.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.6.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: vmci.sys
          Source: Amcache.hve.6.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin`
          Source: Amcache.hve.6.dr Binary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.6.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: VMware20,1
          Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.6.dr Binary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.6.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.6.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.6.dr Binary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.6.dr Binary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual RAM
          Source: Amcache.hve.6.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.6.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Code function: 3_2_0125096E rdtsc 3_2_0125096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Code function: 3_2_01252DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01252DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe Code function: 3_2_01240124 mov eax, dword ptr fs:[00000030h] 3_2_01240124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120E388 mov eax, dword ptr fs:[00000030h]3_2_0120E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123438F mov eax, dword ptr fs:[00000030h]3_2_0123438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123438F mov eax, dword ptr fs:[00000030h]3_2_0123438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01208397 mov eax, dword ptr fs:[00000030h]3_2_01208397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01208397 mov eax, dword ptr fs:[00000030h]3_2_01208397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01208397 mov eax, dword ptr fs:[00000030h]3_2_01208397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012203E9 mov eax, dword ptr fs:[00000030h]3_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122E3F0 mov eax, dword ptr fs:[00000030h]3_2_0122E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122E3F0 mov eax, dword ptr fs:[00000030h]3_2_0122E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122E3F0 mov eax, dword ptr fs:[00000030h]3_2_0122E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012463FF mov eax, dword ptr fs:[00000030h]3_2_012463FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012CC3CD mov eax, dword ptr fs:[00000030h]3_2_012CC3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A3C0 mov eax, dword ptr fs:[00000030h]3_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A3C0 mov eax, dword ptr fs:[00000030h]3_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A3C0 mov eax, dword ptr fs:[00000030h]3_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A3C0 mov eax, dword ptr fs:[00000030h]3_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A3C0 mov eax, dword ptr fs:[00000030h]3_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A3C0 mov eax, dword ptr fs:[00000030h]3_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012183C0 mov eax, dword ptr fs:[00000030h]3_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012183C0 mov eax, dword ptr fs:[00000030h]3_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012183C0 mov eax, dword ptr fs:[00000030h]3_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012183C0 mov eax, dword ptr fs:[00000030h]3_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012963C0 mov eax, dword ptr fs:[00000030h]3_2_012963C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BE3DB mov eax, dword ptr fs:[00000030h]3_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BE3DB mov eax, dword ptr fs:[00000030h]3_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BE3DB mov ecx, dword ptr fs:[00000030h]3_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BE3DB mov eax, dword ptr fs:[00000030h]3_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B43D4 mov eax, dword ptr fs:[00000030h]3_2_012B43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B43D4 mov eax, dword ptr fs:[00000030h]3_2_012B43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120823B mov eax, dword ptr fs:[00000030h]3_2_0120823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214260 mov eax, dword ptr fs:[00000030h]3_2_01214260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214260 mov eax, dword ptr fs:[00000030h]3_2_01214260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214260 mov eax, dword ptr fs:[00000030h]3_2_01214260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120826B mov eax, dword ptr fs:[00000030h]3_2_0120826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C0274 mov eax, dword ptr fs:[00000030h]3_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01298243 mov eax, dword ptr fs:[00000030h]3_2_01298243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01298243 mov ecx, dword ptr fs:[00000030h]3_2_01298243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120A250 mov eax, dword ptr fs:[00000030h]3_2_0120A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E625D mov eax, dword ptr fs:[00000030h]3_2_012E625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216259 mov eax, dword ptr fs:[00000030h]3_2_01216259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012CA250 mov eax, dword ptr fs:[00000030h]3_2_012CA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012CA250 mov eax, dword ptr fs:[00000030h]3_2_012CA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012202A0 mov eax, dword ptr fs:[00000030h]3_2_012202A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012202A0 mov eax, dword ptr fs:[00000030h]3_2_012202A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A62A0 mov eax, dword ptr fs:[00000030h]3_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A62A0 mov ecx, dword ptr fs:[00000030h]3_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A62A0 mov eax, dword ptr fs:[00000030h]3_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A62A0 mov eax, dword ptr fs:[00000030h]3_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A62A0 mov eax, dword ptr fs:[00000030h]3_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A62A0 mov eax, dword ptr fs:[00000030h]3_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E284 mov eax, dword ptr fs:[00000030h]3_2_0124E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E284 mov eax, dword ptr fs:[00000030h]3_2_0124E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01290283 mov eax, dword ptr fs:[00000030h]3_2_01290283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01290283 mov eax, dword ptr fs:[00000030h]3_2_01290283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01290283 mov eax, dword ptr fs:[00000030h]3_2_01290283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012202E1 mov eax, dword ptr fs:[00000030h]3_2_012202E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012202E1 mov eax, dword ptr fs:[00000030h]3_2_012202E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012202E1 mov eax, dword ptr fs:[00000030h]3_2_012202E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A2C3 mov eax, dword ptr fs:[00000030h]3_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A2C3 mov eax, dword ptr fs:[00000030h]3_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A2C3 mov eax, dword ptr fs:[00000030h]3_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A2C3 mov eax, dword ptr fs:[00000030h]3_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A2C3 mov eax, dword ptr fs:[00000030h]3_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E62D6 mov eax, dword ptr fs:[00000030h]3_2_012E62D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220535 mov eax, dword ptr fs:[00000030h]3_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220535 mov eax, dword ptr fs:[00000030h]3_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220535 mov eax, dword ptr fs:[00000030h]3_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220535 mov eax, dword ptr fs:[00000030h]3_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220535 mov eax, dword ptr fs:[00000030h]3_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220535 mov eax, dword ptr fs:[00000030h]3_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E53E mov eax, dword ptr fs:[00000030h]3_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E53E mov eax, dword ptr fs:[00000030h]3_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E53E mov eax, dword ptr fs:[00000030h]3_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E53E mov eax, dword ptr fs:[00000030h]3_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E53E mov eax, dword ptr fs:[00000030h]3_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A6500 mov eax, dword ptr fs:[00000030h]3_2_012A6500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4500 mov eax, dword ptr fs:[00000030h]3_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124656A mov eax, dword ptr fs:[00000030h]3_2_0124656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124656A mov eax, dword ptr fs:[00000030h]3_2_0124656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124656A mov eax, dword ptr fs:[00000030h]3_2_0124656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218550 mov eax, dword ptr fs:[00000030h]3_2_01218550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218550 mov eax, dword ptr fs:[00000030h]3_2_01218550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012905A7 mov eax, dword ptr fs:[00000030h]3_2_012905A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012905A7 mov eax, dword ptr fs:[00000030h]3_2_012905A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012905A7 mov eax, dword ptr fs:[00000030h]3_2_012905A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012345B1 mov eax, dword ptr fs:[00000030h]3_2_012345B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012345B1 mov eax, dword ptr fs:[00000030h]3_2_012345B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01212582 mov eax, dword ptr fs:[00000030h]3_2_01212582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01212582 mov ecx, dword ptr fs:[00000030h]3_2_01212582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01244588 mov eax, dword ptr fs:[00000030h]3_2_01244588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E59C mov eax, dword ptr fs:[00000030h]3_2_0124E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012125E0 mov eax, dword ptr fs:[00000030h]3_2_012125E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E5E7 mov eax, dword ptr fs:[00000030h]3_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C5ED mov eax, dword ptr fs:[00000030h]3_2_0124C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C5ED mov eax, dword ptr fs:[00000030h]3_2_0124C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E5CF mov eax, dword ptr fs:[00000030h]3_2_0124E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E5CF mov eax, dword ptr fs:[00000030h]3_2_0124E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012165D0 mov eax, dword ptr fs:[00000030h]3_2_012165D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A5D0 mov eax, dword ptr fs:[00000030h]3_2_0124A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A5D0 mov eax, dword ptr fs:[00000030h]3_2_0124A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120E420 mov eax, dword ptr fs:[00000030h]3_2_0120E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120E420 mov eax, dword ptr fs:[00000030h]3_2_0120E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120E420 mov eax, dword ptr fs:[00000030h]3_2_0120E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120C427 mov eax, dword ptr fs:[00000030h]3_2_0120C427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01296420 mov eax, dword ptr fs:[00000030h]3_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A430 mov eax, dword ptr fs:[00000030h]3_2_0124A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01248402 mov eax, dword ptr fs:[00000030h]3_2_01248402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01248402 mov eax, dword ptr fs:[00000030h]3_2_01248402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01248402 mov eax, dword ptr fs:[00000030h]3_2_01248402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129C460 mov ecx, dword ptr fs:[00000030h]3_2_0129C460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123A470 mov eax, dword ptr fs:[00000030h]3_2_0123A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123A470 mov eax, dword ptr fs:[00000030h]3_2_0123A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123A470 mov eax, dword ptr fs:[00000030h]3_2_0123A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124E443 mov eax, dword ptr fs:[00000030h]3_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123245A mov eax, dword ptr fs:[00000030h]3_2_0123245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012CA456 mov eax, dword ptr fs:[00000030h]3_2_012CA456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120645D mov eax, dword ptr fs:[00000030h]3_2_0120645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012164AB mov eax, dword ptr fs:[00000030h]3_2_012164AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012444B0 mov ecx, dword ptr fs:[00000030h]3_2_012444B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129A4B0 mov eax, dword ptr fs:[00000030h]3_2_0129A4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012CA49A mov eax, dword ptr fs:[00000030h]3_2_012CA49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012104E5 mov ecx, dword ptr fs:[00000030h]3_2_012104E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C720 mov eax, dword ptr fs:[00000030h]3_2_0124C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C720 mov eax, dword ptr fs:[00000030h]3_2_0124C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124273C mov eax, dword ptr fs:[00000030h]3_2_0124273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124273C mov ecx, dword ptr fs:[00000030h]3_2_0124273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124273C mov eax, dword ptr fs:[00000030h]3_2_0124273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128C730 mov eax, dword ptr fs:[00000030h]3_2_0128C730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C700 mov eax, dword ptr fs:[00000030h]3_2_0124C700
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01210710 mov eax, dword ptr fs:[00000030h]3_2_01210710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01240710 mov eax, dword ptr fs:[00000030h]3_2_01240710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218770 mov eax, dword ptr fs:[00000030h]3_2_01218770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220770 mov eax, dword ptr fs:[00000030h]3_2_01220770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124674D mov esi, dword ptr fs:[00000030h]3_2_0124674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124674D mov eax, dword ptr fs:[00000030h]3_2_0124674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124674D mov eax, dword ptr fs:[00000030h]3_2_0124674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01210750 mov eax, dword ptr fs:[00000030h]3_2_01210750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129E75D mov eax, dword ptr fs:[00000030h]3_2_0129E75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01252750 mov eax, dword ptr fs:[00000030h]3_2_01252750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01252750 mov eax, dword ptr fs:[00000030h]3_2_01252750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01294755 mov eax, dword ptr fs:[00000030h]3_2_01294755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C47A0 mov eax, dword ptr fs:[00000030h]3_2_012C47A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012107AF mov eax, dword ptr fs:[00000030h]3_2_012107AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B678E mov eax, dword ptr fs:[00000030h]3_2_012B678E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129E7E1 mov eax, dword ptr fs:[00000030h]3_2_0129E7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012327ED mov eax, dword ptr fs:[00000030h]3_2_012327ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012327ED mov eax, dword ptr fs:[00000030h]3_2_012327ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012327ED mov eax, dword ptr fs:[00000030h]3_2_012327ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012147FB mov eax, dword ptr fs:[00000030h]3_2_012147FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012147FB mov eax, dword ptr fs:[00000030h]3_2_012147FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121C7C0 mov eax, dword ptr fs:[00000030h]3_2_0121C7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012907C3 mov eax, dword ptr fs:[00000030h]3_2_012907C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01246620 mov eax, dword ptr fs:[00000030h]3_2_01246620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01248620 mov eax, dword ptr fs:[00000030h]3_2_01248620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122E627 mov eax, dword ptr fs:[00000030h]3_2_0122E627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121262C mov eax, dword ptr fs:[00000030h]3_2_0121262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E609 mov eax, dword ptr fs:[00000030h]3_2_0128E609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122260B mov eax, dword ptr fs:[00000030h]3_2_0122260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01252619 mov eax, dword ptr fs:[00000030h]3_2_01252619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012D866E mov eax, dword ptr fs:[00000030h]3_2_012D866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012D866E mov eax, dword ptr fs:[00000030h]3_2_012D866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A660 mov eax, dword ptr fs:[00000030h]3_2_0124A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A660 mov eax, dword ptr fs:[00000030h]3_2_0124A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01242674 mov eax, dword ptr fs:[00000030h]3_2_01242674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0122C640 mov eax, dword ptr fs:[00000030h]3_2_0122C640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C6A6 mov eax, dword ptr fs:[00000030h]3_2_0124C6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012466B0 mov eax, dword ptr fs:[00000030h]3_2_012466B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214690 mov eax, dword ptr fs:[00000030h]3_2_01214690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214690 mov eax, dword ptr fs:[00000030h]3_2_01214690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012906F1 mov eax, dword ptr fs:[00000030h]3_2_012906F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012906F1 mov eax, dword ptr fs:[00000030h]3_2_012906F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E6F2 mov eax, dword ptr fs:[00000030h]3_2_0128E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E6F2 mov eax, dword ptr fs:[00000030h]3_2_0128E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E6F2 mov eax, dword ptr fs:[00000030h]3_2_0128E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E6F2 mov eax, dword ptr fs:[00000030h]3_2_0128E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0124A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A6C7 mov eax, dword ptr fs:[00000030h]3_2_0124A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A892B mov eax, dword ptr fs:[00000030h]3_2_012A892B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129892A mov eax, dword ptr fs:[00000030h]3_2_0129892A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E908 mov eax, dword ptr fs:[00000030h]3_2_0128E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128E908 mov eax, dword ptr fs:[00000030h]3_2_0128E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01208918 mov eax, dword ptr fs:[00000030h]3_2_01208918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01208918 mov eax, dword ptr fs:[00000030h]3_2_01208918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129C912 mov eax, dword ptr fs:[00000030h]3_2_0129C912
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01236962 mov eax, dword ptr fs:[00000030h]3_2_01236962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01236962 mov eax, dword ptr fs:[00000030h]3_2_01236962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01236962 mov eax, dword ptr fs:[00000030h]3_2_01236962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0125096E mov eax, dword ptr fs:[00000030h]3_2_0125096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0125096E mov edx, dword ptr fs:[00000030h]3_2_0125096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0125096E mov eax, dword ptr fs:[00000030h]3_2_0125096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B4978 mov eax, dword ptr fs:[00000030h]3_2_012B4978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B4978 mov eax, dword ptr fs:[00000030h]3_2_012B4978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129C97C mov eax, dword ptr fs:[00000030h]3_2_0129C97C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4940 mov eax, dword ptr fs:[00000030h]3_2_012E4940
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01290946 mov eax, dword ptr fs:[00000030h]3_2_01290946
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012229A0 mov eax, dword ptr fs:[00000030h]3_2_012229A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012109AD mov eax, dword ptr fs:[00000030h]3_2_012109AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012109AD mov eax, dword ptr fs:[00000030h]3_2_012109AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012989B3 mov esi, dword ptr fs:[00000030h]3_2_012989B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012989B3 mov eax, dword ptr fs:[00000030h]3_2_012989B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012989B3 mov eax, dword ptr fs:[00000030h]3_2_012989B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129E9E0 mov eax, dword ptr fs:[00000030h]3_2_0129E9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012429F9 mov eax, dword ptr fs:[00000030h]3_2_012429F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012429F9 mov eax, dword ptr fs:[00000030h]3_2_012429F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A69C0 mov eax, dword ptr fs:[00000030h]3_2_012A69C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A9D0 mov eax, dword ptr fs:[00000030h]3_2_0121A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A9D0 mov eax, dword ptr fs:[00000030h]3_2_0121A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A9D0 mov eax, dword ptr fs:[00000030h]3_2_0121A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A9D0 mov eax, dword ptr fs:[00000030h]3_2_0121A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A9D0 mov eax, dword ptr fs:[00000030h]3_2_0121A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121A9D0 mov eax, dword ptr fs:[00000030h]3_2_0121A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012449D0 mov eax, dword ptr fs:[00000030h]3_2_012449D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012DA9D3 mov eax, dword ptr fs:[00000030h]3_2_012DA9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B483A mov eax, dword ptr fs:[00000030h]3_2_012B483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B483A mov eax, dword ptr fs:[00000030h]3_2_012B483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124A830 mov eax, dword ptr fs:[00000030h]3_2_0124A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01232835 mov eax, dword ptr fs:[00000030h]3_2_01232835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01232835 mov eax, dword ptr fs:[00000030h]3_2_01232835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01232835 mov eax, dword ptr fs:[00000030h]3_2_01232835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01232835 mov ecx, dword ptr fs:[00000030h]3_2_01232835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01232835 mov eax, dword ptr fs:[00000030h]3_2_01232835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01232835 mov eax, dword ptr fs:[00000030h]3_2_01232835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129C810 mov eax, dword ptr fs:[00000030h]3_2_0129C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A6870 mov eax, dword ptr fs:[00000030h]3_2_012A6870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A6870 mov eax, dword ptr fs:[00000030h]3_2_012A6870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129E872 mov eax, dword ptr fs:[00000030h]3_2_0129E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129E872 mov eax, dword ptr fs:[00000030h]3_2_0129E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01222840 mov ecx, dword ptr fs:[00000030h]3_2_01222840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01240854 mov eax, dword ptr fs:[00000030h]3_2_01240854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214859 mov eax, dword ptr fs:[00000030h]3_2_01214859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01214859 mov eax, dword ptr fs:[00000030h]3_2_01214859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01210887 mov eax, dword ptr fs:[00000030h]3_2_01210887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129C89D mov eax, dword ptr fs:[00000030h]3_2_0129C89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012DA8E4 mov eax, dword ptr fs:[00000030h]3_2_012DA8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C8F9 mov eax, dword ptr fs:[00000030h]3_2_0124C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124C8F9 mov eax, dword ptr fs:[00000030h]3_2_0124C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123E8C0 mov eax, dword ptr fs:[00000030h]3_2_0123E8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E08C0 mov eax, dword ptr fs:[00000030h]3_2_012E08C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123EB20 mov eax, dword ptr fs:[00000030h]3_2_0123EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123EB20 mov eax, dword ptr fs:[00000030h]3_2_0123EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012D8B28 mov eax, dword ptr fs:[00000030h]3_2_012D8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012D8B28 mov eax, dword ptr fs:[00000030h]3_2_012D8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E4B00 mov eax, dword ptr fs:[00000030h]3_2_012E4B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128EB1D mov eax, dword ptr fs:[00000030h]3_2_0128EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0120CB7E mov eax, dword ptr fs:[00000030h]3_2_0120CB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C4B4B mov eax, dword ptr fs:[00000030h]3_2_012C4B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C4B4B mov eax, dword ptr fs:[00000030h]3_2_012C4B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012B8B42 mov eax, dword ptr fs:[00000030h]3_2_012B8B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A6B40 mov eax, dword ptr fs:[00000030h]3_2_012A6B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012A6B40 mov eax, dword ptr fs:[00000030h]3_2_012A6B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012DAB40 mov eax, dword ptr fs:[00000030h]3_2_012DAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01208B50 mov eax, dword ptr fs:[00000030h]3_2_01208B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E2B57 mov eax, dword ptr fs:[00000030h]3_2_012E2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E2B57 mov eax, dword ptr fs:[00000030h]3_2_012E2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E2B57 mov eax, dword ptr fs:[00000030h]3_2_012E2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012E2B57 mov eax, dword ptr fs:[00000030h]3_2_012E2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BEB50 mov eax, dword ptr fs:[00000030h]3_2_012BEB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220BBE mov eax, dword ptr fs:[00000030h]3_2_01220BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220BBE mov eax, dword ptr fs:[00000030h]3_2_01220BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C4BB0 mov eax, dword ptr fs:[00000030h]3_2_012C4BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012C4BB0 mov eax, dword ptr fs:[00000030h]3_2_012C4BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218BF0 mov eax, dword ptr fs:[00000030h]3_2_01218BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218BF0 mov eax, dword ptr fs:[00000030h]3_2_01218BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218BF0 mov eax, dword ptr fs:[00000030h]3_2_01218BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129CBF0 mov eax, dword ptr fs:[00000030h]3_2_0129CBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123EBFC mov eax, dword ptr fs:[00000030h]3_2_0123EBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01230BCB mov eax, dword ptr fs:[00000030h]3_2_01230BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01230BCB mov eax, dword ptr fs:[00000030h]3_2_01230BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01230BCB mov eax, dword ptr fs:[00000030h]3_2_01230BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01210BCD mov eax, dword ptr fs:[00000030h]3_2_01210BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01210BCD mov eax, dword ptr fs:[00000030h]3_2_01210BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01210BCD mov eax, dword ptr fs:[00000030h]3_2_01210BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BEBD0 mov eax, dword ptr fs:[00000030h]3_2_012BEBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124CA24 mov eax, dword ptr fs:[00000030h]3_2_0124CA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0123EA2E mov eax, dword ptr fs:[00000030h]3_2_0123EA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01234A35 mov eax, dword ptr fs:[00000030h]3_2_01234A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01234A35 mov eax, dword ptr fs:[00000030h]3_2_01234A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124CA38 mov eax, dword ptr fs:[00000030h]3_2_0124CA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0129CA11 mov eax, dword ptr fs:[00000030h]3_2_0129CA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124CA6F mov eax, dword ptr fs:[00000030h]3_2_0124CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124CA6F mov eax, dword ptr fs:[00000030h]3_2_0124CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0124CA6F mov eax, dword ptr fs:[00000030h]3_2_0124CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_012BEA60 mov eax, dword ptr fs:[00000030h]3_2_012BEA60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128CA72 mov eax, dword ptr fs:[00000030h]3_2_0128CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0128CA72 mov eax, dword ptr fs:[00000030h]3_2_0128CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01216A50 mov eax, dword ptr fs:[00000030h]3_2_01216A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220A5B mov eax, dword ptr fs:[00000030h]3_2_01220A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01220A5B mov eax, dword ptr fs:[00000030h]3_2_01220A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218AA0 mov eax, dword ptr fs:[00000030h]3_2_01218AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01218AA0 mov eax, dword ptr fs:[00000030h]3_2_01218AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_01266AA4 mov eax, dword ptr fs:[00000030h]3_2_01266AA4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exeCode function: 3_2_0121EA80 mov eax, dword ptr fs:[00000030h]3_2_0121EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.6.dr, Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.6.dr, Binary or memory string: msmpeng.exe
          Source: Amcache.hve.6.dr, Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.6.dr, Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading
          111
          Process Injection
          1
          Masquerading
          OS Credential Dumping31
          Security Software Discovery
          Remote Services1
          Archive Collected Data
          1
          Encrypted Channel
          Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading
          1
          Disable or Modify Tools
          LSASS Memory1
          Process Discovery
          Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
          Virtualization/Sandbox Evasion
          Security Account Manager41
          Virtualization/Sandbox Evasion
          SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
          Process Injection
          NTDS12
          System Information Discovery
          Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information
          LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
          Obfuscated Files or Information
          Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing
          DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading
          Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Source | Detection | Scanner | Label | Link
          SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe | 30% | ReversingLabs
          SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe | 100% | Joe Sandbox ML
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          http://upx.sf.net | 0% | URL Reputation | safe
          No contacted domains info
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://upx.sf.net | Amcache.hve.6.dr | false | URL Reputation: safe | unknown
          No contacted IP infos
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1544775
          Start date and time:2024-10-29 18:25:08 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 24s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:10
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          Detection:MAL
          Classification:mal80.troj.evad.winEXE@4/6@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 98%
          • Number of executed functions: 54
          • Number of non-executed functions: 245
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 20.189.173.21
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • VT rate limit hit for: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          Time | Type | Description
          13:25:59 | API Interceptor | 2x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe modified
          13:26:36 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
          No context
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.6697045879951984
          Encrypted:false
          SSDEEP:96:hEipFVuMuaQI3ssWng/WlCiflQXIDcQvc6QcEVcw3cE/1bp+HbHsZAX/d5FMT2Sp:Bv/ua3sE0BU/AjlzuiFhZ24IO8bDV
          MD5:A0253745D4AB766EEA19D848098225ED
          SHA1:8582BCA1C06EC599F334CEDE95FA174C88A039B2
          SHA-256:F24506A47C0AD0B08F60CE11A10205E23436459D8EFA4459DD510B61272188DA
          SHA-512:983AA8388247ECACAA5D6D92B09A6687106D29E11DF645EE3CD349B7C8EF692D6D9D163FD1773D262271185C6634245D584F3D0010DD2BE3DB194AAD1A36CBC2
          Malicious:false
          Reputation:low
          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.6.9.6.3.7.2.1.3.0.6.3.3.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.6.9.6.3.7.2.4.1.1.8.8.9.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.b.a.4.9.d.0.6.-.0.1.e.8.-.4.8.e.0.-.9.6.3.6.-.1.2.2.e.a.5.6.3.d.e.a.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.2.f.5.9.f.0.1.-.e.7.2.3.-.4.5.c.f.-.9.e.9.c.-.7.8.6.e.b.3.f.b.2.0.6.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...M.a.l.w.a.r.e.X.-.g.e.n...2.2.8.3.1...8.8.7.4...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.F.H.Y.u...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.5.0.-.0.0.0.1.-.0.0.1.4.-.3.d.4.b.-.2.9.a.0.2.7.2.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.0.2.9.a.3.3.b.f.e.d.1.7.7.1.e.e.3.d.0.1.d.3.7.d.a.c.5.3.6.2.7.0.0.0.0.0.0.0.0.!.0.0.0.0.b.0.8.
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Tue Oct 29 17:26:12 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):25714
          Entropy (8bit):1.7422323413722007
          Encrypted:false
          SSDEEP:96:5x8gXxVhT/qgRgNXcjmSi7Sf0hxUqyESE1Y9NCzTEBfWIkWI1TIxmey0:gox6pqOz2EX1Y9Rme
          MD5:0DF06095E765577E67DE8D9014505A8D
          SHA1:D70C36DC5F95822A8FF51CFFE3F6C1250176F924
          SHA-256:59D3B795A93F7486EA651E4FA492496BD7A1E65CADED5C9A072E18A40CBFDCD6
          SHA-512:83EA61DE69D0147D9A2899FA9335F96C39E88B4A302C14C73D613F9A71728EE03202BAFD351618989A2898D3520F4D692AF51977CE41908232660E5FB77E6D14
          Malicious:false
          Reputation:low
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):6504
          Entropy (8bit):3.7230707510918943
          Encrypted:false
          SSDEEP:192:R6l7wVeJpejK6f2YM5RXprH89b1ZsfsHm:R6lXJpwK6f2Y8y1yfx
          MD5:CC9D86253DD895532529CA6045514A57
          SHA1:FB477E0843130B8A8A1E598DD959C7A589798714
          SHA-256:1662452C8AE2BD667EC995F09C8A2F9B578B20D1E5CC1FE10721DF718D38DD08
          SHA-512:1997F160F1C9DA4D083E25743CBE8720EE23EF1E94A237360FEC77EAE99789212AC90F1C57D3D6F40A0CEE0083E0D8CF1612DD879D355A387A6C9F6C36AC4D21
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.9.6.8.<./.P.i.
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4890
          Entropy (8bit):4.567939675928855
          Encrypted:false
          SSDEEP:48:cvIwWl8zsyJg77aI9ZCfrWpW8VYdYm8M4JUSQYFPo+q8CHxygt94Ed:uIjfAI77Cfa7VdJUtxbHzt94Ed
          MD5:1A5555B4C0A765E44C9484E9D7AE1645
          SHA1:F7794E8BD333EEE66799529F8D6187379086A323
          SHA-256:D4EEE8B33A9C5BBBB741984A59DA7CE2207C50DF181D89E5452C2EB0B85DDA9C
          SHA-512:FE7AC2B1E8340F4B0FC011317B52ECB7D65532A04EC968C9746B15DCFA9E17C335F4EBC4DE3CCD2D8BC0D841039F40C6B96EE3076AAA98D411FF996CD944298F
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="564988" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.421976305777026
          Encrypted:false
          SSDEEP:6144:ySvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNd0uhiTw:BvloTMW+EZMM6DFyD03w
          MD5:A738FC8D1925144BC269D0A4620EEB35
          SHA1:EBF2CB62DB268C973DA1336214D06377B5D3F811
          SHA-256:B3E0B0F8BFF91F74A684F99B480B6450B8DCD419C6304DA904BB9025F27757C2
          SHA-512:AB3DDD8E2829F25DDE4C773037ECC27D4DE592DBF5D1D641B149209CCDE87E5B0EC1B3B52F98FFAAF72D5B979767FCA50BD534EF7E96A850D5FEAF626602317B
          Malicious:false
          Reputation:low
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.714597632219898
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          • Win32 Executable (generic) a (10002005/4) 49.75%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Windows Screen Saver (13104/52) 0.07%
          • Generic Win/DOS Executable (2004/3) 0.01%
          File name:SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          File size:807'936 bytes
          MD5:2763fecbfb15082ec14ac94fa9fac1c4
          SHA1:b089305b32852d595949e043a832e81569dc4f01
          SHA256:d36e2205185dc5e60a4036f2f7ab73952ee57b9936ff4c7241f4f50bdd615390
          SHA512:256b578a80fce308d791e7d7c5bb423c0d0624621e02a460dab4f0a9a0330cf2727f3248a0c27cac09fad3fb667dbb94784a122d6e5b7c4859a79ce777f5d160
          SSDEEP:12288:G2900lxDrLtIINAdrP9PCXYitGfp5lp3/d4rSMQRudEAn0lbV65QXWeCyeO7:r1Nul+zm5T7Rud0Bw5QXT5eW
          TLSH:AA05E0D03B36B31ACEA96A35D159DD7692B11A78B004FAF25ADC3B87318D211EE0CF51
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T. g..............0..0...".......O... ...`....@.. ....................................@................................
          Icon Hash:0f31d4313ada253b
          Entrypoint:0x4c4f9a
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x6720FB54 [Tue Oct 29 15:12:20 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc4f48 | 0x4f | .text
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc6000 | 0x1f9c | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc8000 | 0xc | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x2000 | 0xc2fa0 | 0xc3000 | 26f8a4fc0e2379f8b6c1acbc2f76e518 | False | 0.8782376802884615 | data | 7.719973822416818 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc | 0xc6000 | 0x1f9c | 0x2000 | f24809d4bec60a515d516968326cb0bc | False | 0.857666015625 | data | 7.227359087670631 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0xc8000 | 0xc | 0x200 | a7c07e4c8b33875315c55796a1e7b919 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0xc60c8 | 0x1b0d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9407942238267148
          RT_GROUP_ICON | 0xc7be8 | 0x14 | data | | | 1.05
          RT_VERSION | 0xc7c0c | 0x38c | PGP symmetric key encrypted data - Plaintext or unencrypted data | | | 0.4251101321585903
          DLL | Import
          mscoree.dll | _CorExeMain
          No network behavior found

          Target ID:0
          Start time:13:25:59
          Start date:29/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe"
          Imagebase:0x1a0000
          File size:807'936 bytes
          MD5 hash:2763FECBFB15082EC14AC94FA9FAC1C4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:3
          Start time:13:26:01
          Start date:29/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.22831.8874.exe"
          Imagebase:0x730000
          File size:807'936 bytes
          MD5 hash:2763FECBFB15082EC14AC94FA9FAC1C4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          Reputation:low
          Has exited:true

          Target ID:6
          Start time:13:26:12
          Start date:29/10/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 196
          Imagebase:0xea0000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

            Execution Graph

            Execution Coverage:11.9%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:1.9%
            Total number of Nodes:310
            Total number of Limit Nodes:15

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Haq$Haq$Haq$Haq$Haq
            • API String ID: 0-1792267638
            APIs
            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 068D6037
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InformationProcessQuery
            • String ID:
            • API String ID: 1778838933-0
            APIs
            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 068D6037
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InformationProcessQuery
            • String ID:
            • API String ID: 1778838933-0
            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072A1776
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072A1776
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 0256B1F6
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 025659C9
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 025659C9
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            APIs
            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04AC4221
            Memory Dump Source
            • Source File: 00000000.00000002.2087212991.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallProcWindow
            • String ID:
            • API String ID: 2714655100-0
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            APIs
            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,068F6EBD,?,?), ref: 068F6F6F
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DrawText
            • String ID:
            • API String ID: 2175133113-0
            • Opcode ID: 9944d62de70e706179f246ac1d9a71fbd761d3ba6509070927cb8d56510f9833
            • Instruction ID: d6aec47f8ca6843c3e7461db6c7ad1a4b2a48f907d2575da5c9b5214c9926442
            • Opcode Fuzzy Hash: 9944d62de70e706179f246ac1d9a71fbd761d3ba6509070927cb8d56510f9833
            • Instruction Fuzzy Hash: A531E2B5D113099FDB50CF9AD880ADEBBF5FF48320F14842AE919A7210D774A944CFA0
            APIs
            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,068F6EBD,?,?), ref: 068F6F6F
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DrawText
            • String ID:
            • API String ID: 2175133113-0
            • Opcode ID: 4b167ff8ce463abdec551194b4872937527ca0daad4c07a8e1878a414e358243
            • Instruction ID: 38998e50e862447847a0ee2df0f4aa7ac27d6fa17a6f0b2990c724ad17e822c1
            • Opcode Fuzzy Hash: 4b167ff8ce463abdec551194b4872937527ca0daad4c07a8e1878a414e358243
            • Instruction Fuzzy Hash: FD31E5B5D002099FDB50CF9AD8846EEFBF5FF58320F14852AE519A7210D7749945CFA0
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072A1348
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: 6cb35b0c5465092097c9f9da368043fadf599797a39bd68a4bc6dceecad3d71d
            • Instruction ID: 7b2bb55baec015c5ec7a5f03ed82c234bae6d441e306b3c6327cd759a65f697f
            • Opcode Fuzzy Hash: 6cb35b0c5465092097c9f9da368043fadf599797a39bd68a4bc6dceecad3d71d
            • Instruction Fuzzy Hash: 38215AB1D003099FCB10CFA9C885BDEBBF5FF48320F10842AE919A7240C7789954CBA0
            APIs
            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,068F6EBD,?,?), ref: 068F6F6F
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DrawText
            • String ID:
            • API String ID: 2175133113-0
            • Opcode ID: d494e825f5b614f64768346018bb3e9e69a8e5bc55ff8b207418a0e6ee42c3ae
            • Instruction ID: de03ac1a3c4eca1a201858e1b764b857a6d15d9777caf00692e3aea2d0ef75e6
            • Opcode Fuzzy Hash: d494e825f5b614f64768346018bb3e9e69a8e5bc55ff8b207418a0e6ee42c3ae
            • Instruction Fuzzy Hash: BD31E4B5D002099FDB50CF9AD884A9EBBF5FF48320F14842AE919A7310D774A944CFA0
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072A1348
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: d0046d92fb77f0f5075fbd19ba434d1b86263b23f825b950d835a2c1bdfdd4bd
            • Instruction ID: 3cc72a89ebabcbe4c7562e6e5c5d3f2bbbaa86f0435cb4faed3586ef76702cb0
            • Opcode Fuzzy Hash: d0046d92fb77f0f5075fbd19ba434d1b86263b23f825b950d835a2c1bdfdd4bd
            • Instruction Fuzzy Hash: 96212AB1D003099FCB10DFA9C985BDEBBF5FF48320F108429E919A7240C7789554CBA0
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072A119E
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 59c4670662e18a75cb3051bc4061bfd18652950a67be64abc33c051ab13c8da3
            • Instruction ID: 3fd7a9d15e5b56d969bfc55eb4b2e2ede6dd9d1b25daf247aedcedb3dbc4ed3d
            • Opcode Fuzzy Hash: 59c4670662e18a75cb3051bc4061bfd18652950a67be64abc33c051ab13c8da3
            • Instruction Fuzzy Hash: E62125B1D003099FDB14DFAAC8857EEBBF4EF89324F50842AD559A7240CB789945CFA0
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0256D566,?,?,?,?,?), ref: 0256D627
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: a8865d2a47d2f45a626b7668644ed1cf812a4747a2f9ed0a421994ebc74ae99f
            • Instruction ID: 38833d771ccf204365e375485a20bf8b68361dbc5ae0841689ec9780717814be
            • Opcode Fuzzy Hash: a8865d2a47d2f45a626b7668644ed1cf812a4747a2f9ed0a421994ebc74ae99f
            • Instruction Fuzzy Hash: 4E21E3B5D012489FDB10CF9AD984AEEBFF8FB48314F14845AE918A3310D378A950CFA5
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072A1428
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: 7ffa89549c9a44746cf12a0746318b4de7f680cbad6eeb8a1a274c32abb29e25
            • Instruction ID: 33607852f92fe25b510a206174de090e231b6ba8df7727652984aca97b68d443
            • Opcode Fuzzy Hash: 7ffa89549c9a44746cf12a0746318b4de7f680cbad6eeb8a1a274c32abb29e25
            • Instruction Fuzzy Hash: A42139B1D003599FDB10DFA9D880AEEFBF5FF48320F50842AE919A7250D7389941CBA0
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0256D566,?,?,?,?,?), ref: 0256D627
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 14cee2f7a45c15c86100c9f82e1315c83a1f5ddcd580a72ca4dad96721f8edb3
            • Instruction ID: c2c36fae1717b3d48b6627dfd7f6120810db8e9f643b2807605bd1889181c39f
            • Opcode Fuzzy Hash: 14cee2f7a45c15c86100c9f82e1315c83a1f5ddcd580a72ca4dad96721f8edb3
            • Instruction Fuzzy Hash: 1821E3B5D012089FDB10CFAAD584AEEBFF4FB48320F14845AE918A3310D378A944CFA5
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072A1428
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: 00a12aed7ea89946030762984c9cdd139e37a91ef4d6dae00c69acdd15f45677
            • Instruction ID: 9c286fab762d150a2afaccc1d0eb254136bf4c6676cb5ec8f13f8811eec39b19
            • Opcode Fuzzy Hash: 00a12aed7ea89946030762984c9cdd139e37a91ef4d6dae00c69acdd15f45677
            • Instruction Fuzzy Hash: DA213AB1C003499FCB10DFAAC880AEEFBF5FF48320F50842AE919A7240D7789540CBA0
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072A119E
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 5f6399a33589c394e0648a19b0ab967feac329d76dbbd61dbcf81e60de314ad7
            • Instruction ID: f08c990f7a9dc3fee9af038fa932cfac9add34fcd593b6ca66e922281bd91c4a
            • Opcode Fuzzy Hash: 5f6399a33589c394e0648a19b0ab967feac329d76dbbd61dbcf81e60de314ad7
            • Instruction Fuzzy Hash: 932137B1D002099FDB10DFAAC4857EEBBF4EF48324F10842AD519A7240CB789945CFA0
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072A1266
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: 7946494fed8ef9b18a1a4ff4d0fb4c9ce428f8b60ee58e162f8558f587d7f670
            • Instruction ID: 2dca80eb0466697d799d1e5000ef6d1ca630f00f754c40bd6894ad0ee05c5c59
            • Opcode Fuzzy Hash: 7946494fed8ef9b18a1a4ff4d0fb4c9ce428f8b60ee58e162f8558f587d7f670
            • Instruction Fuzzy Hash: 6C1159B1800259DFCB10DFAAC845ADEBFF5FF88720F108819E559A7250CB75A950CFA1
            APIs
            • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,068F7E9A,?,?,?,?,?), ref: 068F7F3F
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            • Opcode ID: 99c63bc0c074de7471fa785c55c4eeb63a9339f834edf0bb82cd7e9a892c2ec3
            • Instruction ID: 0dbc5b22a12f737b89422157d861e8f4deab11f25f5e63c774b39be866065746
            • Opcode Fuzzy Hash: 99c63bc0c074de7471fa785c55c4eeb63a9339f834edf0bb82cd7e9a892c2ec3
            • Instruction Fuzzy Hash: 581129B58002499FDB50DF9AD844BEEBFF8EB48310F14845AEA14A7210C379A954DFA4
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072A1266
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: fe963be142005cb0ec4228095e64d9e241e83167548dce7466c826aad75d004d
            • Instruction ID: b61c0b645b97ec61601f9fe3d59d03ad140c1607a340762e16fa9e8e28e6500d
            • Opcode Fuzzy Hash: fe963be142005cb0ec4228095e64d9e241e83167548dce7466c826aad75d004d
            • Instruction Fuzzy Hash: F41126B58002499FCB10DFAAC844AEEBFF5FF88320F108419E519A7250CB79A950CBA0
            APIs
            • OutputDebugStringW.KERNELBASE(00000000), ref: 068D7038
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DebugOutputString
            • String ID:
            • API String ID: 1166629820-0
            • Opcode ID: 3511031ec6fc58050883a570b953978cb33c386fad90169cfcc4aa87947f35f7
            • Instruction ID: 937a2e3ecf1b3e3929920cbf384b006b300405e75b269c26d14ef148ab4ac5d6
            • Opcode Fuzzy Hash: 3511031ec6fc58050883a570b953978cb33c386fad90169cfcc4aa87947f35f7
            • Instruction Fuzzy Hash: E11153B1C006499BCB14DF9AD844A9EFBF4FF48724F10811AE918B3240D379A944CFE0
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: 7971d7b158a10855e728e3e20402c0cd411d75e0154934f2d4308232bf8af8a9
            • Instruction ID: 4bf3bb4132f543ff30bb53d329cfd232440541c54182a32a178600a50f564bb8
            • Opcode Fuzzy Hash: 7971d7b158a10855e728e3e20402c0cd411d75e0154934f2d4308232bf8af8a9
            • Instruction Fuzzy Hash: 121119B1D003498BCB24DFAAC4456DEFBF5EF49724F20841AD519A7240CB79A544CBA1
            APIs
            • OutputDebugStringW.KERNELBASE(00000000), ref: 068D7038
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DebugOutputString
            • String ID:
            • API String ID: 1166629820-0
            • Opcode ID: 3dfaf2975015873f53c941bf5fb05a2280e0d309338f0984495ff67f503a6ded
            • Instruction ID: 9559604da83441d9bc8cef1a922df24438339e3627ec62c4f2d7ade21aa2bb71
            • Opcode Fuzzy Hash: 3dfaf2975015873f53c941bf5fb05a2280e0d309338f0984495ff67f503a6ded
            • Instruction Fuzzy Hash: C11132B1C006199BCB14DF9AD944A9EFBF8FF48720F10811AE918A3240D779A944CFE1
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: eae526d84188e6b75155ad7268542166f8a677a9bdba3e70d19e9a03e5733c3f
            • Instruction ID: f5c2e4991c073d0b56403ecba0c73baf0c76d0cb111a92d459e3db3cc187f843
            • Opcode Fuzzy Hash: eae526d84188e6b75155ad7268542166f8a677a9bdba3e70d19e9a03e5733c3f
            • Instruction Fuzzy Hash: 331128B1D003498BCB24DFAAC4457EEFBF5EF88324F20841AD519A7240CB79A544CBA0
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 0256B1F6
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: 28cd4c340d8452b00f5f71df18874f60e14d4b3ef5c49c6bbae8b79700ac6b51
            • Instruction ID: 2785089e4689f6dc34ca8371a0a3513dc925a9ae1d50c26ed94607443334821c
            • Opcode Fuzzy Hash: 28cd4c340d8452b00f5f71df18874f60e14d4b3ef5c49c6bbae8b79700ac6b51
            • Instruction Fuzzy Hash: 901102B5C002498FCB14DF9AC848ADEFBF8BF48314F10845AD829B7200C379A545CFA5
            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 072A37B5
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 72cc33ca18d0d6f3d2b9acad55e8a2e16fdcca91fac940457fd73b68e03ddba0
            • Instruction ID: f529a55ad9ee608a3b91b1c64f073cb36d2a6bf01a0badae2596d29a674e1208
            • Opcode Fuzzy Hash: 72cc33ca18d0d6f3d2b9acad55e8a2e16fdcca91fac940457fd73b68e03ddba0
            • Instruction Fuzzy Hash: FF11F2B58003499FDB10DF9AC985BDEBBF8FB59720F10845AE558A3200C379A544CFA1
            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 072A37B5
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: dbaf0c1aeb780d85aacb376e75a4207f46d3feab6915ab1e4f93c4eba7c9aacf
            • Instruction ID: c8d32e239f21b11a74f966dfe6e54a91656dfe454c22cb12fc1ea7a909783a8a
            • Opcode Fuzzy Hash: dbaf0c1aeb780d85aacb376e75a4207f46d3feab6915ab1e4f93c4eba7c9aacf
            • Instruction Fuzzy Hash: 6411D0B58003499FDB10DF9AD985BDEBBF8FB59720F10845AE918A7200C379A944CFA1
            APIs
            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,068F9D99,?,?), ref: 068F9F40
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: e55482a2cc88748430f437823366acb687db7b7839531dad55449383ebc96d3d
            • Instruction ID: 3f5b3345012ae78265e620b0486716cc4ccba0189db4d13bc85ae697cfb6bddc
            • Opcode Fuzzy Hash: e55482a2cc88748430f437823366acb687db7b7839531dad55449383ebc96d3d
            • Instruction Fuzzy Hash: 9E1136B1C002498FCB50DF9AC585BDEBBF4FF48320F10845AD658A7240C778A945CFA5
            APIs
            • CloseHandle.KERNELBASE(00000000), ref: 068D70D7
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 17a75f74e0e9af3e9d78c87a8a0307faa3ba962cb31c5a5f30372a5374242822
            • Instruction ID: be9654bb89027f1a32a9aad9769b2d305471c61af5fe809a70855420031e9b8d
            • Opcode Fuzzy Hash: 17a75f74e0e9af3e9d78c87a8a0307faa3ba962cb31c5a5f30372a5374242822
            • Instruction Fuzzy Hash: 471128B18003498FDB10DF9AC845BEEFBF8EF48324F10846AE518A3241D779A944CFA5
            APIs
            • CloseHandle.KERNELBASE(00000000), ref: 068D70D7
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 838aa7a736efabdcb4ef1281b30f7a8ef6bae128d9fd0f1b40415923e3606b10
            • Instruction ID: 73daa53c60ecb153dd9d8b7ffc584404c8c76f9703c75dfad2423be569157dc3
            • Opcode Fuzzy Hash: 838aa7a736efabdcb4ef1281b30f7a8ef6bae128d9fd0f1b40415923e3606b10
            • Instruction Fuzzy Hash: 9811F5B18002498FDB10DF9AD945BEEFBF8EF48320F20846AD558A3250D779A944CFA5
            APIs
            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,068F9D99,?,?), ref: 068F9F40
            Memory Dump Source
            • Source File: 00000000.00000002.2088182536.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 5d840019d8f75138cb39880c9233bee050c0cea4c15736e300f1929e3b001647
            • Instruction ID: e4751a5a53fa25875070b2f90dfc4a8f0d48c4b039c270b30e17ef62dc8e1ca9
            • Opcode Fuzzy Hash: 5d840019d8f75138cb39880c9233bee050c0cea4c15736e300f1929e3b001647
            • Instruction Fuzzy Hash: 3801D0B08043498FDB54DF9AC589BAEBFF8FB09314F108459EA18A7240D3B8A544CBA5
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2669ba63b4bbe38d31fc330e943a5d7eb337b24cfd64f1381ca489944b28fc04
            • Instruction ID: 7c6b40fbb786fbdef90fa94a45c44caa7183fb3c8d4481144d6c8b8c9232af40
            • Opcode Fuzzy Hash: 2669ba63b4bbe38d31fc330e943a5d7eb337b24cfd64f1381ca489944b28fc04
            • Instruction Fuzzy Hash: E7E11774E101198FDB14DFA9C5809AEFBF2FF89305F24816AD414AB356D730A946CFA1
            Memory Dump Source
            • Source File: 00000000.00000002.2085034632.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2560000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f30ba837de6395a3b7c8cd371da666ea85a1d0e9b94408e386b554440d8d66df
            • Instruction ID: 496986108b9dc2e9cdd1d9a56bd7dbfa389ab1c210624093f956bc2bfa3a7fe4
            • Opcode Fuzzy Hash: f30ba837de6395a3b7c8cd371da666ea85a1d0e9b94408e386b554440d8d66df
            • Instruction Fuzzy Hash: 38A15E32E0020A8FCF15DFB5D8489AEBBB3FF85300B15456AE806AB265DB75E955CF40
            Memory Dump Source
            • Source File: 00000000.00000002.2087212991.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 794f2378cbab4480415ebe077cacca98da5c1adefc960d7a285830625e0a8eb8
            • Instruction ID: 737dfaa6aa249ffdd147e5217cbd939a04bf434abc7ebe6bd1a98914eb0aa01e
            • Opcode Fuzzy Hash: 794f2378cbab4480415ebe077cacca98da5c1adefc960d7a285830625e0a8eb8
            • Instruction Fuzzy Hash: 30C1F2B0C00786ABE714CF65E9481897BB1FBE5328F604209D2616B2F0DBBC188BCF44
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5dd8a4ee105d2b531d4889301bf402341c024e25912d52194ace64f61bc5cf30
            • Instruction ID: 4efce7f2edb3fdb623b9791ca2dfa3798282dffe1cdf5c8b927c5175ec42e23e
            • Opcode Fuzzy Hash: 5dd8a4ee105d2b531d4889301bf402341c024e25912d52194ace64f61bc5cf30
            • Instruction Fuzzy Hash: 4D716FB4E016189FDB44DFAAC98499EFBF2BF88310F14D16AD818EB215D734A946CF50
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b71b5746f57f674a6a0cba98f2e6b6bb992db47541b160778884a6d475776add
            • Instruction ID: ce8ad8337402f0157a8647d0b4d506754c0a9ee9d8857c2bbd8abd0e0db5bb82
            • Opcode Fuzzy Hash: b71b5746f57f674a6a0cba98f2e6b6bb992db47541b160778884a6d475776add
            • Instruction Fuzzy Hash: 465131B0E1021A9FDB14CFA9C5409AEFBF6EF89305F14816AD418A7316D7309E41CFA1
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0e6018d5ff21588f12b21e189cef4957110328647e3879ac2c1f07e7f24927a6
            • Instruction ID: d996c7b35928aeb2797f253c5d67f52a2bff29089f60b08f13396d6a5ed4ec61
            • Opcode Fuzzy Hash: 0e6018d5ff21588f12b21e189cef4957110328647e3879ac2c1f07e7f24927a6
            • Instruction Fuzzy Hash: 43518F75E016199FDB08DFEAC9446EEFBF2FF88301F10902AD919AB254DB345A06CB50
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2d13e8f75be4e5706a00c14359d15897327acba211cc79b39b514ed34aa50796
            • Instruction ID: 44ed887b8aeb6909d751428c1a612a8ceda3105b225a01601f2bac6a54cdc934
            • Opcode Fuzzy Hash: 2d13e8f75be4e5706a00c14359d15897327acba211cc79b39b514ed34aa50796
            • Instruction Fuzzy Hash: 54510C74E002198FDB14CFA9C5805AEFBF2BF89305F24C1AAD519A7316D7309942CFA1
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6b58869faecb11f3d475dd23babcc37729c28f6a28948314b74b2eed9dfcde51
            • Instruction ID: 31958db732d8034439dd193447c95428a62879c566bd6798a1b32ffaa77744ed
            • Opcode Fuzzy Hash: 6b58869faecb11f3d475dd23babcc37729c28f6a28948314b74b2eed9dfcde51
            • Instruction Fuzzy Hash: 17517FB5E016588FDB48DFAAD98469EFBF2BF88300F14C16AD419EB314DB349946CB50
            Memory Dump Source
            • Source File: 00000000.00000002.2088125413.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_68d0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6de35ca0bafe18639c5230de0dcc1ea5b7e0aa09201666168ae666e1142503d4
            • Instruction ID: 0bfcc3de77742724aaf837aae8cca46b5c56ab03d0f4112b5b3ebb8b87ee859e
            • Opcode Fuzzy Hash: 6de35ca0bafe18639c5230de0dcc1ea5b7e0aa09201666168ae666e1142503d4
            • Instruction Fuzzy Hash: 844181B5E006199FDB08CFEAD8856EEFBF2AF88700F14C46AD419AB254DB345946CF50
            Memory Dump Source
            • Source File: 00000000.00000002.2088516144.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_72a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1b82f57c81d9ec64ec79655618efcb796482c2fe923af96b54a2cfb85e356a7b
            • Instruction ID: 6e90f1568cd45d121f22227909648acdc5705b04c266d33d46d7c51eeb7d9e08
            • Opcode Fuzzy Hash: 1b82f57c81d9ec64ec79655618efcb796482c2fe923af96b54a2cfb85e356a7b
            • Instruction Fuzzy Hash: 62E09AB5D7E508EFC750AEA8A4581F8BBB8FB5B312F0420A6D50EE7112D7A04D548A54

            Execution Graph

            Execution Coverage:0.6%
            Dynamic/Decrypted Code Coverage:5.5%
            Signature Coverage:1.4%
            Total number of Nodes:73
            Total number of Limit Nodes:9

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 113 42c433-42c46c call 404713 call 42d6b3 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C467
            Memory Dump Source
            • Source File: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 122 1252df0-1252dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 103 42c763-42c7a7 call 404713 call 42d6b3 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0041E354,?,?,00000000,?,0041E354,?,?,?), ref: 0042C7A2
            Memory Dump Source
            • Source File: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 108 42c7b3-42c7f4 call 404713 call 42d6b3 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,9403D333,00000007,00000000,00000004,00000000,00416E48,000000F4), ref: 0042C7EF
            Memory Dump Source
            • Source File: 00000003.00000002.2426956944.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 118 1252c0a-1252c0f 119 1252c11-1252c18 118->119 120 1252c1f-1252c26 LdrInitializeThunk 118->120
            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            Strings
            • Thread is in a state in which it cannot own a critical section, xrefs: 01285543
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012854CE
            • Invalid debug info address of this critical section, xrefs: 012854B6
            • double initialized or corrupted critical section, xrefs: 01285508
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0128540A, 01285496, 01285519
            • 8, xrefs: 012852E3
            • Address of the debug info found in the active list., xrefs: 012854AE, 012854FA
            • Critical section debug info address, xrefs: 0128541F, 0128552E
            • undeleted critical section in freed memory, xrefs: 0128542B
            • corrupted critical section, xrefs: 012854C2
            • Critical section address., xrefs: 01285502
            • Thread identifier, xrefs: 0128553A
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012854E2
            • Critical section address, xrefs: 01285425, 012854BC, 01285534
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            Strings
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0128261F
            • @, xrefs: 0128259B
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01282506
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01282409
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01282412
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012825EB
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012822E4
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01282498
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01282602
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01282624
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012824C0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            Strings
            • VerifierDlls, xrefs: 01298CBD
            • AVRF: -*- final list of providers -*- , xrefs: 01298B8F
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01298A3D
            • HandleTraces, xrefs: 01298C8F
            • VerifierFlags, xrefs: 01298C50
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01298A67
            • VerifierDebug, xrefs: 01298CA5
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            Strings
            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01269A01
            • minkernel\ntdll\ldrinit.c, xrefs: 01269A11, 01269A3A
            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01269A2A
            • LdrpInitShimEngine, xrefs: 012699F4, 01269A07, 01269A30
            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012699ED
            • apphelp.dll, xrefs: 01206496
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            Strings
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012821BF
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01282178
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01282180
            • SXS: %s() passed the empty activation context, xrefs: 01282165
            • RtlGetAssemblyStorageRoot, xrefs: 01282160, 0128219A, 012821BA
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0128219F
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 0124C6C3
            • Loading import redirection DLL: '%wZ', xrefs: 01288170
            • minkernel\ntdll\ldrredirect.c, xrefs: 01288181, 012881F5
            • LdrpInitializeProcess, xrefs: 0124C6C4
            • LdrpInitializeImportRedirection, xrefs: 01288177, 012881EB
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 012881E5
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            APIs
              • Part of subcall function 01252DF0: LdrInitializeThunk.NTDLL ref: 01252DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250D74
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 01248421
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0124855E
            • @, xrefs: 01248591
            • LdrpInitializeProcess, xrefs: 01248422
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            Strings
            • .Local, xrefs: 012428D8
            • SXS: %s() passed the empty activation context, xrefs: 012821DE
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012821D9, 012822B1
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012822B6
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            Strings
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0127106B
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01270FE5
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012710AE
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01271028
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 0127A9A2
            • LdrpDynamicShimModule, xrefs: 0127A998
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0127A992
            • apphelp.dll, xrefs: 01232462
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            Strings
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0122327D
            • HEAP[%wZ]: , xrefs: 01223255
            • HEAP: , xrefs: 01223264
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 0127A121
            • LdrpCheckModule, xrefs: 0127A117
            • Failed to allocated memory for shimmed module list, xrefs: 0127A10F
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 012882E8
            • LdrpInitializePerUserWindowsDirectory, xrefs: 012882DE
            • Failed to reallocate the system dirs string !, xrefs: 012882D7
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            Strings
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 012CC1C5
            • PreferredUILanguages, xrefs: 012CC212
            • @, xrefs: 012CC1F1
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            Strings
            • minkernel\ntdll\ldrredirect.c, xrefs: 01294899
            • LdrpCheckRedirection, xrefs: 0129488F
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01294888
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 01292104
            • LdrpInitializationFailure, xrefs: 012920FA
            • Process initialization failed with status 0x%08lx, xrefs: 012920F3
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            Strings
            • LdrResSearchResource Exit, xrefs: 0121AA25
            • LdrResSearchResource Enter, xrefs: 0121AA13
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            Strings
            • kLsE, xrefs: 01210540
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0121063D
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            Strings
            • RtlpResUltimateFallbackInfo Enter, xrefs: 0121A2FB
            • RtlpResUltimateFallbackInfo Exit, xrefs: 0121A309
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0129895E
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Opcode ID: 215fc40779c47e5c7a3be737d404805102b260dd8fbecfff8a29021f4950f170
            • Instruction ID: 09c8cab07478fb0a1d6c26ce8c88310f02de5fd0a170c4ff2f58e1c96f2bb640
            • Opcode Fuzzy Hash: 215fc40779c47e5c7a3be737d404805102b260dd8fbecfff8a29021f4950f170
            • Instruction Fuzzy Hash: 9201FC3233020A5FFF365B5DCC94B667BA9EF97254F0C001DF74106651CB606841CB92
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 70ea6917a4372391574b3ed72d106d5ce5b771409a22b0f28fa3fc000e4a57db
            • Instruction ID: 1e63a46d9c718b4002c6a405785667b6f456c8587060859d058c622d6ccf2d4a
            • Opcode Fuzzy Hash: 70ea6917a4372391574b3ed72d106d5ce5b771409a22b0f28fa3fc000e4a57db
            • Instruction Fuzzy Hash: 9B42B431628342DBD715CF68C8D0AABBBE5EF88380F08492DFA9697251D774E845CB52
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 089d715b682143dc3979ee85e61e71fc3850270373e0f04e9f77d6ec26cd86eb
            • Instruction ID: d99275399761265e0da96db63bcd8fffd689a85c0ce4063c87a45d4ca5f0bee8
            • Opcode Fuzzy Hash: 089d715b682143dc3979ee85e61e71fc3850270373e0f04e9f77d6ec26cd86eb
            • Instruction Fuzzy Hash: 36426D75E202198FEB24CF69C881BADBBF5FF88301F548199EA49EB241D7349985CF50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ac8baef189c787c71d777526cf3732001b6e301390033686895404e1904c744b
            • Instruction ID: 8059a78c157803434443594a8951bb435ba09c1c109adc10c9dfaecb87fa58d8
            • Opcode Fuzzy Hash: ac8baef189c787c71d777526cf3732001b6e301390033686895404e1904c744b
            • Instruction Fuzzy Hash: A732FC70A20B568FEB25CF69C8547BFBBF2BF84300F24411DD6869B285D775A806CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dc241d3ee28a39d09785f17b887812ceaf9984063ca0ced146258f0bd441ddca
            • Instruction ID: 35478d605a347918c0d6e01431a9d0aa790b48a6131a77f686d98bd2c4af5657
            • Opcode Fuzzy Hash: dc241d3ee28a39d09785f17b887812ceaf9984063ca0ced146258f0bd441ddca
            • Instruction Fuzzy Hash: 4422D0706346528FEB25CF2DC0D53B6BBF1AF44380F08845ADA968B286D775E582DB60
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7dc5fd1f17148531a3b2069a9f881838d87a88e8ffca62a679c339715932441c
            • Instruction ID: 27d563eb4d0c45937f068f0802d78742036089271bf271d557ea6c73cbd48e49
            • Opcode Fuzzy Hash: 7dc5fd1f17148531a3b2069a9f881838d87a88e8ffca62a679c339715932441c
            • Instruction Fuzzy Hash: 6A32E071A20216CFDB25CF68C480BAEBBF1FF58300F148569EA55AB395D7B0E851CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction ID: 00f20ac4dc7736c7486d1d8b928e98d1cef32fb9cd1f5670107594b777a2440a
            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction Fuzzy Hash: 37F194B1E2024A9BDF15DF99D580BAEBBF5BF88714F088169EA05AB340E774DC41CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7c13b534c3ae39f0424707d7802368f7d277aadc1d41c7a2f48f6dd3b0e5fb36
            • Instruction ID: 3f9fd22a349c2a6d90c687d06165698ba27338f3d5ee9eded2b27f1d47457bd2
            • Opcode Fuzzy Hash: 7c13b534c3ae39f0424707d7802368f7d277aadc1d41c7a2f48f6dd3b0e5fb36
            • Instruction Fuzzy Hash: 13D10372E2060A9BDF09CF69C841AFEB7F2BF88305F588169D955E7241E735E901CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cb05d5c7b95541b517b709a278c5a4958e2375f1e99ec8a7a23817edf8bd2733
            • Instruction ID: 193b4d1667968661682d31e7b06f8b2143fffdb07fef7dbb13b9eb7b83f5a010
            • Opcode Fuzzy Hash: cb05d5c7b95541b517b709a278c5a4958e2375f1e99ec8a7a23817edf8bd2733
            • Instruction Fuzzy Hash: C8E1D171618342CFC715CF28C080A6EBBE1FF99314F05896DE9958B355EBB1E905CB92
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f8bdc779f0eed6a4327867bdfa093ce6b78074cf4120c24e2f4f727276b79a46
            • Instruction ID: d4c15881f1c1655daebdc30d14efaca9f3ef7ea0581850410c2f4d8c0d5cb4b2
            • Opcode Fuzzy Hash: f8bdc779f0eed6a4327867bdfa093ce6b78074cf4120c24e2f4f727276b79a46
            • Instruction Fuzzy Hash: C3D1E371B206079BDB1ADF28C891ABB77A5FF54304F054229EA15DB2D2EB30D991CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction ID: 0b2b139b2f4c1a81415216e281082eff49448c315ba5bdbd55171307ea6de5b4
            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction Fuzzy Hash: 17B16574A106499FDF24DF5DC940EABBBB5FF86304F18446EAA42D7790DA34E905CB10
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction ID: c3e61181de36052f27b584cfbce6eee41aabaa74978018dfd8046a13feb456bb
            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction Fuzzy Hash: 72B10831620656AFDB26DB68C850BBFBBF6BF88300F140559E652DB281DB70ED41CB94
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cbedd9c22fb0c931b29d5ec17a8d00e42e3c589e5349867c18fdbbe1776acc73
            • Instruction ID: af4f8ec4790090d68a79177af1be8a8ac8c9b7136693940fcf66c58cba87048e
            • Opcode Fuzzy Hash: cbedd9c22fb0c931b29d5ec17a8d00e42e3c589e5349867c18fdbbe1776acc73
            • Instruction Fuzzy Hash: E9C157741283418FE764CF18C484BABBBE5FF98304F44495DEA8987291D774E944CF92
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c07170825b7c91a68d6a571ed7562b3f82e2cddf8ad902e67dd6436f8a9fb13e
            • Instruction ID: 8012d39be85f422d5c48d37c9c540a26e114a6652554e248805a6d504306a17f
            • Opcode Fuzzy Hash: c07170825b7c91a68d6a571ed7562b3f82e2cddf8ad902e67dd6436f8a9fb13e
            • Instruction Fuzzy Hash: B8B181B4A202668BDB35CF58D880BB9B7B5EF44700F0486E9D50AE7281EB71DDC5CB20
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f72e79babc0b15b29981fcb7555f0103eeabad877ff1f71113da76f4fe88ee6d
            • Instruction ID: a5ba43304c4691ddd695a0c04aa188f7d7ba4a492d27e2dc5345bc3b7bdc758a
            • Opcode Fuzzy Hash: f72e79babc0b15b29981fcb7555f0103eeabad877ff1f71113da76f4fe88ee6d
            • Instruction Fuzzy Hash: AAA127B1E24616AFEB22DB5CC944BBEBBA4BF44710F060115EB20AB2D1D7749D44CBD1
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c4dbe88efdb2a9b790065408a54e4c0f1079adcd83fd358a2f5053a1388b32c6
            • Instruction ID: 0fcda33aeb97795535567eecaff7d7705e6726a3fda48c7769b4c5fabee30cb7
            • Opcode Fuzzy Hash: c4dbe88efdb2a9b790065408a54e4c0f1079adcd83fd358a2f5053a1388b32c6
            • Instruction Fuzzy Hash: FFA1DF70B216169FEB65DF69C8D1BBABBA4FF44318F004029EF0597282EB74E851CB54
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c4a34a7cb0772edbafc489d0e9838f6228441be27720ec23ffde4ba92fd47138
            • Instruction ID: 7e7f450b180093f3860fd22970d965b583367c4bd30b0e31155b57f83e170562
            • Opcode Fuzzy Hash: c4a34a7cb0772edbafc489d0e9838f6228441be27720ec23ffde4ba92fd47138
            • Instruction Fuzzy Hash: 18A1DDB2A20292EFC716EF18CD84B6ABBE9FF58314F850529E645DB650D334ED10CB91
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction ID: 30a0dc9784a4bc34a87a6cb94761ffcab59c510cc693f3afc234794fe2df06cc
            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction Fuzzy Hash: 47B15971E1061ADFDF19CFA9C884AADBBF9FF48310F548169EA16A7350D730A941CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 93907b209a1288d080228385056cd55a3444dda8f752beb2a46e7a7b4c33e8db
            • Instruction ID: 6ff4db2a0e91d80bc8f4486d53cfcf7fc857c6beb62d5ab74e0993c62670bca7
            • Opcode Fuzzy Hash: 93907b209a1288d080228385056cd55a3444dda8f752beb2a46e7a7b4c33e8db
            • Instruction Fuzzy Hash: 799191B1D1021AAFDF15CFACD894BBEBBF9AF48710F154169EA10AB341D734D9009BA4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4d44d0c8d0f16030b40fdac0ddcb46f95d6b99cdb00f73beb0ae5e255b25eacc
            • Instruction ID: 9653ca27ae830fa3f356487a9d3131d3ccf1036e38c95966aad2516bc2216262
            • Opcode Fuzzy Hash: 4d44d0c8d0f16030b40fdac0ddcb46f95d6b99cdb00f73beb0ae5e255b25eacc
            • Instruction Fuzzy Hash: 56915671A30636EBEB24DB5CD841B7E7BE1FF94724F068069EA059B380EA74D841D750
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: c2dfc51f746b3d8cb2f51d3e4cd1bf2ef520c953beafa97981bbc3cb17b9f332
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: A1819231A2020A9FDF19CF98C881ABEBBF6FF94310F188569D9169B385D774E941CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fdec0b4dc6015a1a9077e6a7e7346de7dccd400f0d6340bcb5f8f15773385280
            • Instruction ID: db500089eb1ecc1a74b7a8a12090161714dc4ed22400d2901da076cdf07e3ef0
            • Opcode Fuzzy Hash: fdec0b4dc6015a1a9077e6a7e7346de7dccd400f0d6340bcb5f8f15773385280
            • Instruction Fuzzy Hash: 3181837191060AEFEB26DFA9C880BEEBBF9FF88314F114429E655A7250D770AC45CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: eaa9d7e7d351cc4018315c656a7d659ee035f6d7629d1692c05049115671b2f0
            • Instruction ID: 407afd2e7b48bf8ed64ef87c2c22fe8b84ca01519828140bc213ac4d35a134c6
            • Opcode Fuzzy Hash: eaa9d7e7d351cc4018315c656a7d659ee035f6d7629d1692c05049115671b2f0
            • Instruction Fuzzy Hash: 8171B1B5D24666EFCB2A8F69C8917BEBBF9FF58710F14411AE941AB350D3709810CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8bd6c54172cfd6a487319acd29abf1412df47e7316617563d3c0d1eadd3ad683
            • Instruction ID: da53ac42cc5fb61cbca319e67a3c5ba3194479c09801d62fc8d525dc28b5f457
            • Opcode Fuzzy Hash: 8bd6c54172cfd6a487319acd29abf1412df47e7316617563d3c0d1eadd3ad683
            • Instruction Fuzzy Hash: 857171B0920246EFDB21EF99D975AABBBF8EF90B10F10525EE70497298C7318950CB54
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9d0956b410b62211f037020ce7a7a6504981901194e76c2cbfcad875f9e5167c
            • Instruction ID: 92f8b174f35e3e58378f8f1b8bce65a432e7d527a171c4181df09453fc0354d9
            • Opcode Fuzzy Hash: 9d0956b410b62211f037020ce7a7a6504981901194e76c2cbfcad875f9e5167c
            • Instruction Fuzzy Hash: C871E332624652DFD326CF2CC480B3AB7E5FF88300F0485A9E9548B352DB78D845CB91
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: 12644a61db75d7df052ecc72a7e8c178c91ff5424b95bccb46c5cd294d5bf6f8
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: B2716C71E2061AAFDB10DFA9C984EEEBBB8FF48710F104569E505E7250DB34EA41CB94
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7bfe5c0d1546500aab50f6ea9ec886ff25e1ae687d18de1b5edb71422f414909
            • Instruction ID: 8da0ee63a84db5807717380f7f197c3a4838f8a470aab7d35c1e68922039e667
            • Opcode Fuzzy Hash: 7bfe5c0d1546500aab50f6ea9ec886ff25e1ae687d18de1b5edb71422f414909
            • Instruction Fuzzy Hash: 6F71E172260B02EFE732DF18C845F6ABBA6EF44720F584428E7568B2E0D775E945CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 32550e8e2ac849b8bf7ad38f5e6231b2a230b6858c7da2ed9ad4fc612580d322
            • Instruction ID: e13177e5ea3f46580de7b4cde4e07ce3e244b90efd7f8dd5c3101db8b228eb0f
            • Opcode Fuzzy Hash: 32550e8e2ac849b8bf7ad38f5e6231b2a230b6858c7da2ed9ad4fc612580d322
            • Instruction Fuzzy Hash: 2181BC72A24316CFDB25CF98D584BAEBBF5BB58310F15412EDA00AB285E774DE40CB94
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb748c3a5514494fc432690a04a28bdafba2f5e65df118fe7eaf59ff4b42a599
            • Instruction ID: 8686aee338bea6563674c42f9a52ecd36eeb020d575fe021d94be0cd42ecb355
            • Opcode Fuzzy Hash: fb748c3a5514494fc432690a04a28bdafba2f5e65df118fe7eaf59ff4b42a599
            • Instruction Fuzzy Hash: 90712C71E2021AEFDF16DF94C885FEEBBB8FB04350F104119EA54A7290E774AA05CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 413e0687462081ee4aeecbed7fe4bb4c08cdfbe1159aae6651cc6265dfa901a7
            • Instruction ID: 7d7821d529e01bdaf37085bad621aa14f833d4f34210ce6951fb98ad5cd9d2c1
            • Opcode Fuzzy Hash: 413e0687462081ee4aeecbed7fe4bb4c08cdfbe1159aae6651cc6265dfa901a7
            • Instruction Fuzzy Hash: F151B072524756AFD722DE68C884E6BF7E9EBC4B50F014A2DBB40DB150E670ED04C7A2
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a7d6732dd358fdc99d3e660fd248ceccbfe60f4f4645ffb086bcbaddf220c2e
            • Instruction ID: 13d30137da3d27e353daf6559e70d9c1f9eac628bfc0c82eb1a631ecd679a08f
            • Opcode Fuzzy Hash: 9a7d6732dd358fdc99d3e660fd248ceccbfe60f4f4645ffb086bcbaddf220c2e
            • Instruction Fuzzy Hash: 72519C70920706DBD721CF6AC8C0AABFBF8FF94750F10461EE29A576A0D7B0A945CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 641cc6f6c0191088443b572ec148bb70f15007808934830e13706e218e9bfbce
            • Instruction ID: b166bb0387fc07ea795d079a3eda0b4fb53013f81e9cea913ea2849a44c06413
            • Opcode Fuzzy Hash: 641cc6f6c0191088443b572ec148bb70f15007808934830e13706e218e9bfbce
            • Instruction Fuzzy Hash: 56519F71220A16EFDB26EF69C980EAAB3FDFF58754F41046AE60197660D738ED40CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e9450d428ab503619d218f8fc696db03f5acbbae4d984c2d7182c15e7b6ed0d
            • Instruction ID: 5af5f40f0ac82914031393344117d8b2fa29431b8fb7a84b539ea451afe7bb26
            • Opcode Fuzzy Hash: 9e9450d428ab503619d218f8fc696db03f5acbbae4d984c2d7182c15e7b6ed0d
            • Instruction Fuzzy Hash: 575168716283829FD750EF29C8C1AABB7E5BFC8348F58492DF586C7251D730D9058B52
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: 7b6d0a3b5d75adc3c223587f76e76d6ab563d9437ac840989f1f994e63ff2844
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: F5518FB1E1025AAFDF16EF95C440BFEBBB9AF85350F0440A9EA05AB340D774D944CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 51052269597ed1bfc93968c3e6fa2978e1be320a5789392fc4ccb9e0651c7dc5
            • Instruction ID: 902856030ca4d9d784da0f46e105457870effe76208e902dedc97e99fb057395
            • Opcode Fuzzy Hash: 51052269597ed1bfc93968c3e6fa2978e1be320a5789392fc4ccb9e0651c7dc5
            • Instruction Fuzzy Hash: BD21D4725247869BCB25EF18D440F6B77E4FB98760F004519FD449B640D730D9018BD1
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: 7fd50368bab2721bfd6e7654e473aed447a21ba7ca9318f28e8403d44a5d0625
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: B8319E31620609EFD722CF68C984F6AB7B9FF45354F114AA9E6518B281E770ED41CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: db3a2036cacf61e56d767ebb20942c57236e5a7c862b4d394cb56108a71dcabd
            • Instruction ID: faa4e4d0c6a80fa5da632c5acf5ec85fdf2aff3ebea7b5400b1473c5f26ed2d6
            • Opcode Fuzzy Hash: db3a2036cacf61e56d767ebb20942c57236e5a7c862b4d394cb56108a71dcabd
            • Instruction Fuzzy Hash: 2431DFB5620216DFCB15EF0CC8949AEB7F5FF84308B16845AE8099B3D1E771EA50CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 73e2c0eb65edd98cbe3f8363a082bf1f44378d065a5585346552a74474deb764
            • Instruction ID: c28b37107d8a0105fbaa7085ef77970d458b1b019d6b585df5e657135db87e58
            • Opcode Fuzzy Hash: 73e2c0eb65edd98cbe3f8363a082bf1f44378d065a5585346552a74474deb764
            • Instruction Fuzzy Hash: 4821807591012AABCF25DF59C881ABEB7F8FF48750F50006AF941A7240D778AD41CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0e1c024629e2ebd9a1b102347afc80da7f4fee31e6d9d8ac408ef37f0d395208
            • Instruction ID: 61ed4a5b92a9531b11e1e38bee5446ecdba9858ff491d909a5a810677ddb280c
            • Opcode Fuzzy Hash: 0e1c024629e2ebd9a1b102347afc80da7f4fee31e6d9d8ac408ef37f0d395208
            • Instruction Fuzzy Hash: 26219C71A10659BFDB15DB6DC880F6AB7B8FF48740F140069FA04D7691D678ED40CB68
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f8e723820e862100910b66748e559a943fc5f2774448b4727dfcb153660b51c4
            • Instruction ID: 4ca9f6a9fde393f3985af696ac12beee4ccdfe41e33d3015815c510eb2f40dfb
            • Opcode Fuzzy Hash: f8e723820e862100910b66748e559a943fc5f2774448b4727dfcb153660b51c4
            • Instruction Fuzzy Hash: EC21D37291434A9BDB11EF5DC844B6FBBDCAF91240F0804A6BE84C7251D734C904C7A9
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af38572f5cce95e998a6863f743479a1b0b6138519f5c6ba1ef1950584b34bd7
            • Instruction ID: 53372c332f8db493fb6e4649641b7d95566c0fb07bd34a81c34e5390fecd135e
            • Opcode Fuzzy Hash: af38572f5cce95e998a6863f743479a1b0b6138519f5c6ba1ef1950584b34bd7
            • Instruction Fuzzy Hash: 0D21F971635682EBE722976C8C04B293B95BF85774F280360FB209B6E2D7B8C8418250
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7a6637f2f64f4bc6a726269b8b79e7b6f794c7ced7c2e3b1f1398c9a28f44e16
            • Instruction ID: 0bf443d7f9aad311cb1d0c6678a0e79ab15d1aae7391de57afca252baccccf75
            • Opcode Fuzzy Hash: 7a6637f2f64f4bc6a726269b8b79e7b6f794c7ced7c2e3b1f1398c9a28f44e16
            • Instruction Fuzzy Hash: 9521BE75261611AFC729EF29CC01B5677F5FF08B04F148468E50ACB762E375E942CB94
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c567489bdd5560c4dcbe2fb9930325b48bc5d1136f2c2c19c009eb448dd8d6ad
            • Instruction ID: 1db27a3292574a37cd273528ae60a8bbe1ce0643965f3f123010e7e68fa9329e
            • Opcode Fuzzy Hash: c567489bdd5560c4dcbe2fb9930325b48bc5d1136f2c2c19c009eb448dd8d6ad
            • Instruction Fuzzy Hash: F111E7726A0B15BBD3225595AC41F77B699DBE4FA0F11412CB718CB180FB70DC018795
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 62edfe20f056c426e20d656bd6320dff82fc8bb7e02b16bc9c3929f8a13e594f
            • Instruction ID: 01dbdbc246847ed99450b634c2d73c701ee0a5fcca6606ddacd10be1053b3020
            • Opcode Fuzzy Hash: 62edfe20f056c426e20d656bd6320dff82fc8bb7e02b16bc9c3929f8a13e594f
            • Instruction Fuzzy Hash: 8E2114B1E10209ABDB25DFAAD8909AEFBF8FF98B10F10012FE505A7244D7709941CF64
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: c1372d0de2af0148ca2e81d42c68ddec83c0db4f2f3a6b8f64b7cc0937cec396
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 0C21AE72A1020AFFDF128F98CC40BAEBBB9EF48311F204415F910A7250D774ED508B50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: 33b85734a37752a4bd93cd26e69b7032d464fef684c577961e3dcc3b31bb25b8
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: BB11E272610606BFD7269F54CC41FEABBB8EB80754F104029F7098B180D671ED84DB54
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 53cd3936d6ed50bfc6f7a6556479a19e08a511fa38868d8ef000df3fcddf35fa
            • Instruction ID: 986c69816d58920cc189235fae5ab7503b4d0520c519ec3a77936ff7155a4ff5
            • Opcode Fuzzy Hash: 53cd3936d6ed50bfc6f7a6556479a19e08a511fa38868d8ef000df3fcddf35fa
            • Instruction Fuzzy Hash: EC11C8767206169BDB15CF4DC4C0926BBE5EF66754B29406DEE089F308D6B2D902C790
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 272c34e41dc48676afa352c777aa0234ccf53791dcaf32baf1f9ccd8677cb286
            • Instruction ID: 85a706ad3c1da94c35d5061f123d8bd0632c5807daa611bc5c67bd1ed4e4ff67
            • Opcode Fuzzy Hash: 272c34e41dc48676afa352c777aa0234ccf53791dcaf32baf1f9ccd8677cb286
            • Instruction Fuzzy Hash: 84218B72A1020ADFCB14CF98C581AAEBBF5FB89318F20416DD205AB314CB71AD06CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b55205fd85eecc0a53c5caf6daf55dd9043fd8a7e68b08e1b01d14f20fec164
            • Instruction ID: db2990bf762a46877eb4f51d45cc13d59937c82a06f1397d9b23e7d8cc2252dc
            • Opcode Fuzzy Hash: 0b55205fd85eecc0a53c5caf6daf55dd9043fd8a7e68b08e1b01d14f20fec164
            • Instruction Fuzzy Hash: 49219D75620A01EFD729DF69C881F76B7F8FF85350F00882DE69AC7250DA71A950CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: deaf08609c850d2dc5e2058e8c27c8ba957abec3bde85489823dd0d329e92ae8
            • Instruction ID: ba7734c7a4a4bcfce76377d933e759a715bf091a1840a991618e4d9e665a522f
            • Opcode Fuzzy Hash: deaf08609c850d2dc5e2058e8c27c8ba957abec3bde85489823dd0d329e92ae8
            • Instruction Fuzzy Hash: BF11E332260616EFC722CB9DC940FAA77A8EF99B60F454025F201DB250EB70EC05CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bac4882cb174c412444e4814217eddbbba9093cd3a1f25e7c866ca295da380d2
            • Instruction ID: 377155b824d2e068467db19659860d73b1fa8f375172e181b61cddbb8b9d3ed8
            • Opcode Fuzzy Hash: bac4882cb174c412444e4814217eddbbba9093cd3a1f25e7c866ca295da380d2
            • Instruction Fuzzy Hash: A3116F773241119FCB1ADB28CD41A3F72A6DFD5774B264529D522CB291E9309C05C390
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ee78fe581bd55562e181b6c97fc20dbad7e799d12dc40c8081e378d865b4eee
            • Instruction ID: 5f9b5c8ea72b56f376d166e1e173f92d9e567e1ae524ea2519c6d73d033e3567
            • Opcode Fuzzy Hash: 9ee78fe581bd55562e181b6c97fc20dbad7e799d12dc40c8081e378d865b4eee
            • Instruction Fuzzy Hash: 8411E3B6A21216EFCB2ECF59C580A5ABBF8EF85710F05807ADA059B315E674DD00CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 3820225a895637abeaf875bd93211ceae62401e9d62ffca865faa9c54d21e390
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 12110436A1091AAFDB19CB58C801FADBBF5FF84210F058269E84597340E675AD41CB80
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: 8f46c242cfca6a3a2a3b1e80e105af6ae643551bc21d98711a46bb342d120d66
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 54118F71620602EBEF21DB8CC840B667BAAFF55754F068468EA099F160DB71DC40DB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 14b4b4a5ed2cfb99bb520a6db1e2d8d94f4e33b3c74d84d1175119f8cbe61cc0
            • Instruction ID: 7da7163212158cf40bf6db75bf7a9a1d7358ebd6606511b20fd42112795d9039
            • Opcode Fuzzy Hash: 14b4b4a5ed2cfb99bb520a6db1e2d8d94f4e33b3c74d84d1175119f8cbe61cc0
            • Instruction Fuzzy Hash: 8501D671735646AFE316A66EDC85F3B6B9CFF80764F090065FA008B291D964DC00C2B1
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7fd65563c619bbbaf7e7ecb5c7a1e800b549c359530134020095f2581a3ef02e
            • Instruction ID: 6ef8b6632218fa69d990d187ee9b9385d107c807ff4a3bda820f8d577ec62231
            • Opcode Fuzzy Hash: 7fd65563c619bbbaf7e7ecb5c7a1e800b549c359530134020095f2581a3ef02e
            • Instruction Fuzzy Hash: 8A11E935260785AFD729EF59D844F567BE4EBA6B64F044119FA0887258C770F842CF60
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 196272065a13a827df56e4e2088ab9d51ddd038eff6684830e29b376c997b637
            • Instruction ID: 9afcc0cc83be150d2efbc5a04e3995b08347f9704c02a9e43aaad72de7ae992b
            • Opcode Fuzzy Hash: 196272065a13a827df56e4e2088ab9d51ddd038eff6684830e29b376c997b637
            • Instruction Fuzzy Hash: C11129326206529FDB22EA29D848F27B7E5FFC4710F95441DEB46C7250FA30E802C790
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b308a38f6a15896699cca42dec329cc03b44c253f37d7496265f0ddce9a1cc8d
            • Instruction ID: 961795ad0cf5ebc8b063dbbb0fc7868a7b2173446c2d40465d7d2b6327a1e234
            • Opcode Fuzzy Hash: b308a38f6a15896699cca42dec329cc03b44c253f37d7496265f0ddce9a1cc8d
            • Instruction Fuzzy Hash: D111E572A10716AFDB26DF59C980B6EFBF8FF89750F500055EA01A7200D739AD058B50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b881e6c9ef4500321860b8372664c85df27748d1fd92d06db67fae10032808a
            • Instruction ID: 21ee876ab7d06d2a0fef55aea1647771cc62807fc1dfb99e039e7e6b2fa17333
            • Opcode Fuzzy Hash: 9b881e6c9ef4500321860b8372664c85df27748d1fd92d06db67fae10032808a
            • Instruction Fuzzy Hash: 290192B551010A9FC726DB19D458F26BBF9FBD5318F22816AE1058B264D7B0AC4ACF90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: 682daad34802c71c267ab269fc59ba14898dd9bc4e15acbe03fb1c3992a375a5
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: 2511E5B26396C3DBE723972CDA44B263BD4BB41744F1A00A0DF5187683F378C842C251
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction ID: 3075ade1e7b3147c416aed723be334c18d8efa87cc948a2a4113748907f9febc
            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction Fuzzy Hash: 92018032620106AFFF29DB5CC801BAE7BA9EF55750F068424EA059B260E771DD81CB91
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction ID: d0bc60dae1ce160720975ebd67edfc022c5140b5c93996ffbe94af6886d477f2
            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction Fuzzy Hash: D201C4715257269FCB228F199C40A767BB5EB55760740863DFE958B6C2D731D400CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cce083a3b20668960d3e26487c97976b0d7561b7308f0c0fedc92b5c33d012bd
            • Instruction ID: 288022dbdc315df546a30e53a78e9451cfcdff9250800ff4abb8282264240ca2
            • Opcode Fuzzy Hash: cce083a3b20668960d3e26487c97976b0d7561b7308f0c0fedc92b5c33d012bd
            • Instruction Fuzzy Hash: 860126724611529FC732EF1CD808E26B7E8EB85370B554255EA68EB1A6D730D801C7D0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3acb466906e3bceab950efd01d5eb19874f8a02e6edc7cb3408c205d3d5ab16d
            • Instruction ID: a4f505285293d8a3d7c5826e1f02153840d51cbe2b5056a5ed0f0381df90c191
            • Opcode Fuzzy Hash: 3acb466906e3bceab950efd01d5eb19874f8a02e6edc7cb3408c205d3d5ab16d
            • Instruction Fuzzy Hash: BC118E71251241EFDB16EF19CD91F267BB8FF58B54F110065EA059B6A1C335ED01CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3816710c464b2ee3c432b992cb1a7c63dac1fb60d1edb1877ee8cea955829550
            • Instruction ID: 1a7f94970d8a9b41debc5ce98bcb293851612d6e22a388c4e333492ba793cdcc
            • Opcode Fuzzy Hash: 3816710c464b2ee3c432b992cb1a7c63dac1fb60d1edb1877ee8cea955829550
            • Instruction Fuzzy Hash: F6119A71511229EBEB65EB24CC82FEDB2B4AB18710F504194A718A60E0DA709E81CF84
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0a50cb9b9759f017d2c5e40b4e35deb272c5a50d04ed80e8f6d1a7594ec0c272
            • Instruction ID: 63e172efb28fb24b952738fd3027ce466ba9e113396d0156aae115a5e422b84a
            • Opcode Fuzzy Hash: 0a50cb9b9759f017d2c5e40b4e35deb272c5a50d04ed80e8f6d1a7594ec0c272
            • Instruction Fuzzy Hash: 80111772900019ABCF16DB98CC84DEFBBBCFF48254F044166E906A7211EA34AA15CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction ID: 00551ed57a220aa5b714192c57144884eaab1d10cb51e595986cd061eeff9840
            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction Fuzzy Hash: BE01F532620112CBDF11DA19D880B6677AABFE4600F6546A5EE018F24AEAB28881C390
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bec1abd8360d8048816b51b84405c7038e5f8e387dc52e59b40640d6c6c4c167
            • Instruction ID: 651d62bcbbe43652bbf49372a5b04c1f57575b7803f394035a0170147969106f
            • Opcode Fuzzy Hash: bec1abd8360d8048816b51b84405c7038e5f8e387dc52e59b40640d6c6c4c167
            • Instruction Fuzzy Hash: ED11E1326101469FC311CF58E800BA6BBB9FB5A304F4C8159E9888B315D732EC80CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 31249a5ab5681c847c209fbe93e4c4d7fd4f978e287450f5311420274fb22657
            • Instruction ID: f7c1cf0ebf033be34cc6e6cba52843e52f112ff4a85c9f9f44b0bba4aee3a440
            • Opcode Fuzzy Hash: 31249a5ab5681c847c209fbe93e4c4d7fd4f978e287450f5311420274fb22657
            • Instruction Fuzzy Hash: E91118B1A10209ABCB04DFA9D581AAEBBF8FF58350F10406AE905E7351D674EA018BA4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b62decd109b411b7d20117130a47c76c941e4c8d6a2ecb28cf23b26afae13dbe
            • Instruction ID: a858ceb4ea6db8ef7d464dce954ba1b70fd155f59801f4e2e8635a552b2266e9
            • Opcode Fuzzy Hash: b62decd109b411b7d20117130a47c76c941e4c8d6a2ecb28cf23b26afae13dbe
            • Instruction Fuzzy Hash: AE01B175160222AFC736AE1984809FABBADFF917A0B06842AE2555B251CB21AC41CB91
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction ID: f23948e62526ede6ac5c0858f33c18f117a8afa79d8a14acb2e5bbcad3c76cbf
            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction Fuzzy Hash: 7401287222074ADFEB23D6A9D800FB777EEFFC5610F044959E6868B980DAB0E441CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 60a74224ff69fcbe3a6fef739a6dd5d57fbc3327ae39f6e9e7e592dbc0f44e91
            • Instruction ID: fdc6ea0fe8526c011aaccffaa9815a63be76f41a046fc193f2529281e8ae269a
            • Opcode Fuzzy Hash: 60a74224ff69fcbe3a6fef739a6dd5d57fbc3327ae39f6e9e7e592dbc0f44e91
            • Instruction Fuzzy Hash: 32018FB12A0B11AFD3325A1AD891B96BAE8EF55F90F01442AE7069B390E6B198418B54
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f414f97101c788b391ab8444e51887070a1fc2115c0a4ecb66f2054629b4f487
            • Instruction ID: 3e7a7b70891fabcdb7ffdbaed291dfb2c65dc6268a7890c49840ec4e5f65f306
            • Opcode Fuzzy Hash: f414f97101c788b391ab8444e51887070a1fc2115c0a4ecb66f2054629b4f487
            • Instruction Fuzzy Hash: CBF0F432661A25B7C735DB5A9D80F5BBAEEEB94BA0F104029F60597640DA30ED01CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction ID: 5183b5c8f4e706ca3169da9058fc2a8cdf971b466e4cd00689b3f53d1072004c
            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction Fuzzy Hash: E1F0C2F2600611ABD324CF4DDC40E67FBEADBD1A80F048129E605DB220EA31DD04CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction ID: 9933138b9b229e14511f23d9c7634bc6838b1a7e6abd3f782dbf731286e3056d
            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction Fuzzy Hash: BFF028B32346239BD7331B594840B3BA7958FD5B64F190375E3059B281C9B4CD1163D0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2a74d32bc258e31f034df57b9fa466065f34cf5beb9915bb353a4398ac7cca8
            • Instruction ID: 1579d70adeed11d64c28b401da1748d04605da78eff51d97246a0c445c5cfa9d
            • Opcode Fuzzy Hash: e2a74d32bc258e31f034df57b9fa466065f34cf5beb9915bb353a4398ac7cca8
            • Instruction Fuzzy Hash: 37018F71A2020AEFCB04DFA9D455AAEB7F8FF58704F10406AF904E7350D6749A008BA0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 15b4daa6c66e3743e0c9d005c83b9bdf87681178a35634f07b0a18f0a2e96939
            • Instruction ID: 93f6bcea6a2c8f6c58a6e1574424b5d775f7276ebada9f1d28fd2d5d3e6567d7
            • Opcode Fuzzy Hash: 15b4daa6c66e3743e0c9d005c83b9bdf87681178a35634f07b0a18f0a2e96939
            • Instruction Fuzzy Hash: D4018F71E2020AEFCB04DFA9D491AAEB7F8FF58304F50406AF900E7351D674AA00CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 966dc5df709d5e9282de8a96444647db81b9f94ff8fdbd24e5b13c19f27ad994
            • Instruction ID: 1aada1116a18ad3760dffb33dda4781dd35a3f9cdd894b2f4c7bcf2a31641d1c
            • Opcode Fuzzy Hash: 966dc5df709d5e9282de8a96444647db81b9f94ff8fdbd24e5b13c19f27ad994
            • Instruction Fuzzy Hash: A6018471A10249EFCB04DFA9D4459AEB7F8FF58704F50405AF904E7350D6749D008BA0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction ID: 46b834802d56fb85935fe34efb7a8a77ed22def2262e31707f0fd5371bf1ff9a
            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction Fuzzy Hash: 9901F932222696ABD326DB1DC805F59BFD8FF41750F084465FB048B6A2D6B8C810C250
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cddeefb7fc407a1369ec9dd6d17ec984a01940b705e8a66f63b181ebc23b0012
            • Instruction ID: 2e6f074994d2583d2f443725bb5fc27010988295255a610ee02420be3d6fd4f1
            • Opcode Fuzzy Hash: cddeefb7fc407a1369ec9dd6d17ec984a01940b705e8a66f63b181ebc23b0012
            • Instruction Fuzzy Hash: FE018F71A2024AABCB04DFA9D445AEEBBF8BF58310F14005AE900A7280D774EA01CB94
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction ID: b50d07509e2be454ac6e5efc159b86fcd4da05c0547a01a007833aa4c4ec3072
            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction Fuzzy Hash: 1FF0127211001DBFEF019F94DD80DBF7BBDFB592E8B114125FA1196160D635DD21A7A0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 822c68daafa6fba25ffd381d63fa605274b66ccb9eab637dfa7ae9bb901ced5e
            • Instruction ID: fa371e26173677fcacb34a74021bc03205772a353d16f0284c43e89ac8e8635d
            • Opcode Fuzzy Hash: 822c68daafa6fba25ffd381d63fa605274b66ccb9eab637dfa7ae9bb901ced5e
            • Instruction Fuzzy Hash: 45014936610259ABCF129E88D840EDA7FA6FB4C764F068115FE1966220C736D971EF81
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0ce742381b93476db13099bb6d686579b4ab524a60e928142f26b714d3a86801
            • Instruction ID: 381685b3fe4c4598d5df2d5a6fa7e7e99fd368084aa0bece8cf31f4c20c6c1bc
            • Opcode Fuzzy Hash: 0ce742381b93476db13099bb6d686579b4ab524a60e928142f26b714d3a86801
            • Instruction Fuzzy Hash: 74F02BB12243425BF71696599D01F3272D6EBD0750F2582A5EB058B2C2EA70DC1183D4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 39af1fd0ca97c9448cf6cbae5822dacbd6741507bdf60c9a3a546e62649a6582
            • Instruction ID: caec418bd38e1f9b334f3ccbb6ba2023f87882f9d8ad6df3a11c172f845acab7
            • Opcode Fuzzy Hash: 39af1fd0ca97c9448cf6cbae5822dacbd6741507bdf60c9a3a546e62649a6582
            • Instruction Fuzzy Hash: B501A470221AC3DBF336AB2CDD48B2937E8BB45B04F580191FB018BAD6D768D8018610
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction ID: 7d14ec82671e2be4e92ef48557e3a219423ad3b01fbe4489494dee8accad2418
            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction Fuzzy Hash: 2FF0B431362A9347E735BB2D84D0ABEA6559F90B80B2D052C97168B642DF60D9818780
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction ID: aea05dbaae0b0328ef5b81bdeccc0b1ff68aa9bf209ec31578648f865b35bddd
            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction Fuzzy Hash: E9F05432731522ABDB21DE8DCC80F16B768BFD9A60F1A0065A7149F670C764EC0187D0
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e7bde98c3a01200abb963daab6d53d7a8c7ab9d7f358fdd147939711b1848fbe
            • Instruction ID: b011c6ab731ca705e75f53bac79a501ea6e5231e9cd60ce636a46ae1226b8d16
            • Opcode Fuzzy Hash: e7bde98c3a01200abb963daab6d53d7a8c7ab9d7f358fdd147939711b1848fbe
            • Instruction Fuzzy Hash: B5F08C706253449FC714EF28C442A2BB7E4FF98710F40465AB898DB394E634E901CB96
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction ID: b9d66d97969cc621acbccc958bbddbd14bafe7afc8b3c78577f70599534e409d
            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction Fuzzy Hash: 33F0B472620205AFE718DF26CD01F96B6E9EF98340F158078A645D71A0FAB0DD41CA58
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bafac8e2a1dd0f49ad15b85a0f29def48cd4f5b7730b6b64eec318c233b8b1d6
            • Instruction ID: 6856e65ca51b682144f6ac7b0926fa9a6ec04efc5bed575827a6515ef09794ed
            • Opcode Fuzzy Hash: bafac8e2a1dd0f49ad15b85a0f29def48cd4f5b7730b6b64eec318c233b8b1d6
            • Instruction Fuzzy Hash: E5F0C270A20249EFDB04EF69C551A6EB7F4FF18300F008056B905EB385DA78EA01CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c441d8983a635e915efd714ce62a5a3a7835299f019039add12d57a99eece649
            • Instruction ID: 1a187e7f24b9ba88eb7095c35c2d940dac8f17d9a74c206393b916890f397a82
            • Opcode Fuzzy Hash: c441d8983a635e915efd714ce62a5a3a7835299f019039add12d57a99eece649
            • Instruction Fuzzy Hash: 7FF0B4319366E29FE732FB5CC844B227BD49B20738F0A896ADE4D87546C774D880C651
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b983372a0b73b37053357a9d5b1e30585e2c1373eaf8741c89e2aec23eb67ef5
            • Instruction ID: 2d54c8b207b625320985eecb36ca3f16116241dd8b7cff4086f8ecc2e9bcc06f
            • Opcode Fuzzy Hash: b983372a0b73b37053357a9d5b1e30585e2c1373eaf8741c89e2aec23eb67ef5
            • Instruction Fuzzy Hash: E6F027B64356C64ACB335B3CA8613E12B98A791610F09104AE6A157219C574D493C328
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dcb29a0c93120c03346f636c8cf8f7c078d6df4feb5941e5377c1551c46bc4ed
            • Instruction ID: 9e3816ad15369dc610c434a1ac0be3c91eb32760c68863760ad570b7c26ceeea
            • Opcode Fuzzy Hash: dcb29a0c93120c03346f636c8cf8f7c078d6df4feb5941e5377c1551c46bc4ed
            • Instruction Fuzzy Hash: A5F0E2719336929FE32B9B1CC148B217BD89B807A0F09D535D616C7662C7B4E8A0CA51
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: a2e8af141d00014a7707d35a50b563f2ce4b4993330eaefa79d7c7698a692dea
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: 82E09232310601ABEB519E598CC0F67776E9F92B10F044479BA045E291CAF2DC0982A4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: 17478fa0d96a318590e604de35b77bcce8306d5fc1e4b0c081e32f6f508ecf80
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: 6FF06572164604EFE3218F09D944FA2B7F8FB05364F89C025E7099B561D379EC80CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: 09c46dff34d3d87cb371f83d8f927f6a7727cbba94e7ea9351ccc38032511349
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: 86F0E5392243459BDB1ADF19C040AAA7BE8FB65350B010454F9428B341E771E9C2CB55
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: fa5d8df22ac65aa828779045376ead247c381b4b73cce7daa021998152c50171
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: 97E0D8322745E6ABD3253E598821F7A77A5DBD87A0F154439E3008B150DFB0EC40CBD8
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b1a26cf9de0dfd57b491432b707d85e4b9ec7198cb7f9d78d81adf717ac33aff
            • Instruction ID: ccc0843772f91f14456ff2e4ab8183c1d8c01ee620789d8adf772c800b58b1fc
            • Opcode Fuzzy Hash: b1a26cf9de0dfd57b491432b707d85e4b9ec7198cb7f9d78d81adf717ac33aff
            • Instruction Fuzzy Hash: C9F0E531A359D24FEB72E72CE248F5577E0AB50670F8A0554D600CB912C324DC80C650
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: d82bd02249b82a83bc1ee1c770531257e3ca28429fc66d8b587f20db32621808
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: 9BE0DF73A50120FBEB25A7998D01FEABFADDB90FA0F154064F700E7090E530DE00D690
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: 35c2eab5f8258dfa2418fc92c2fb1ac0b0efaaf1c551cc3ceb62f798c0c992fb
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: 5CE09B317503568BCB25CA1FC145A63BBE8DF95660F558079EE0547612C2B1F853C6D4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f712a2b3b867e8a9291078297ee76a1f5809b271d45073c8e8fca8e2a787f7e4
            • Instruction ID: 51dde2cc8eafa08c65dcf455ddbf481112e7fb801c920239d8e60913156653d2
            • Opcode Fuzzy Hash: f712a2b3b867e8a9291078297ee76a1f5809b271d45073c8e8fca8e2a787f7e4
            • Instruction Fuzzy Hash: 60E09272110594ABC322FF29DD11FAA7BDAEB74370F114515F11557194CB34A810C7C4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 05f6a422c7411fbb5fac9cf36439dfd3b5856a941e69b56bbaac12140b18962f
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: F6E09231030652DFE7366F2AD848B66BAE0FF50B11F148C2CE296124B0D77598C1CA40
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: 3b76fbc401d750ff70e2fc0685ce217b7f88cd782d556018def631642ae165cb
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 0DE0C2343103468FEB19DF1DC140B627BB6BFD5A10F28C068AA488F205EB32E843CB40
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 97389cfbb9b071707249a191b5eca59daf1cfcc9a332354c53eaf14125a91b7d
            • Instruction ID: c111557ba9c8d5066ef0c51ffd38bac6a1b9c17bcdb0ae892404bc923bd47f09
            • Opcode Fuzzy Hash: 97389cfbb9b071707249a191b5eca59daf1cfcc9a332354c53eaf14125a91b7d
            • Instruction Fuzzy Hash: A2D0C2325A20316BCB2AE91D7C04FE33A9D9B50620F018861F20892011D564CC9183D4
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: adcbd4c7736a6aa48b9060cebe316ff9cba8eb68f10950f47cd3ffba59bfbb76
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: 3BE0C231970A61EFDB332F15DC00F6276A5FF58B20F104A29E181064E5D7B4AC81CB44
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 791a1af263e20ae3bd609712f335c5752ad5e523cb559d6125f33af323f2d876
            • Instruction ID: 91caa3499c2b9921afbe61d6bf2d0a7ae3ec2df3398b3d4cb587cb243f15c637
            • Opcode Fuzzy Hash: 791a1af263e20ae3bd609712f335c5752ad5e523cb559d6125f33af323f2d876
            • Instruction Fuzzy Hash: 6C51E4B6A24117EFCB55DB9C89C097EFBB8BB08240714822AE965D7681D774DE4087A0
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: f72a8d943ff2fc3a9713c4c7b502db07eadef5c42461372ada01cf4b2625f133
            • Instruction ID: d07549efe902843016ce86fe5393f1c662a40d0e44994c7d0ae4b8b50af5d66e
            • Opcode Fuzzy Hash: f72a8d943ff2fc3a9713c4c7b502db07eadef5c42461372ada01cf4b2625f133
            • Instruction Fuzzy Hash: AF512775A20646EFCB35CF5CC88087FFBF8EF54640B00855EE696D3682DAB0DA408760
            Strings
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01284725
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01284742
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012846FC
            • ExecuteOptions, xrefs: 012846A0
            • Execute=1, xrefs: 01284713
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01284655
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01284787
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: 036ff1d12e8a1155b3184a2653dd19e3d4beaaa71ddc87573f37ead2dc05f6d5
            • Instruction ID: 9f98f5f4e352539d1c0bb7352ef6f35aba5f407ec29c1bdf07aed5c73bb94b10
            • Opcode Fuzzy Hash: 036ff1d12e8a1155b3184a2653dd19e3d4beaaa71ddc87573f37ead2dc05f6d5
            • Instruction Fuzzy Hash: 14511731A2025ABFEF29FAA9DC85FBE77ADEF14304F040099DA15A71C1E7709A458F50
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: 965fae88967aa7fadc35bdd36069122d66030802a5581f9db81579636264533e
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: 2081B071E3524A9EEF698E6CC8D17FEBBA3AF45320F184159DE61A72D1C7348840CB61
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 35717cb591807c0ceefe2e352e70bce730c5e3f3097253c6998d0c77c8a13ef6
            • Instruction ID: ef8bdc331abf2e8becac08c53d3b91aa55f73e734053b32764cbc1de0976da45
            • Opcode Fuzzy Hash: 35717cb591807c0ceefe2e352e70bce730c5e3f3097253c6998d0c77c8a13ef6
            • Instruction Fuzzy Hash: 1C21567AA2011ADBDB11DE69CC409BEBBFCEF94644F04021AEB05E3241EB7099018BA1
            Strings
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012802BD
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012802E7
            • RTL: Re-Waiting, xrefs: 0128031E
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: ce37508cc50e673b578b619774a104218380df3ebc3d313aea85388db081e879
            • Instruction ID: b4a70c3381872435b62e74c12e36ae947324f20944fb368f5ee2b3c77e222440
            • Opcode Fuzzy Hash: ce37508cc50e673b578b619774a104218380df3ebc3d313aea85388db081e879
            • Instruction Fuzzy Hash: B9E1C070A24742DFE725DF28D985B2ABBE0BB84314F140A5DF6A5CB2E1D774D848CB42
            Strings
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01287B7F
            • RTL: Resource at %p, xrefs: 01287B8E
            • RTL: Re-Waiting, xrefs: 01287BAC
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: 90368266ec6ff1e0b28ccdefc3f9eb90a065b132e1dcfefe9489f3d9c485d833
            • Instruction ID: ce1506990bcc5a6e3c606231fffc95f86057350ff48b9df0261326957ffd7537
            • Opcode Fuzzy Hash: 90368266ec6ff1e0b28ccdefc3f9eb90a065b132e1dcfefe9489f3d9c485d833
            • Instruction Fuzzy Hash: 434124357217039FDB29DE29C941B2AB7E5EF98710F100A1DFA5ADB280DB71E805CB91
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0128728C
            Strings
            • RTL: Resource at %p, xrefs: 012872A3
            • RTL: Re-Waiting, xrefs: 012872C1
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01287294
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 8ef667b6fc1bc89c31f5f162a7e16439d01b2ae6a114b9940b763231e7cf1165
            • Instruction ID: 9eacc0c29e6b1e76ec0d9e58eca6019f76b73e8e25c69745d8d04a1d92be8c8c
            • Opcode Fuzzy Hash: 8ef667b6fc1bc89c31f5f162a7e16439d01b2ae6a114b9940b763231e7cf1165
            • Instruction Fuzzy Hash: CA41F035661203ABDB25EE29CC41B66BBA5FB94710F200619FE55EB280DB31E852CBD1
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: d9575b2c52aafffbf42c29bb6013e9e059ccbd9d3d0eba2ce12c5fd6aa09f7e7
            • Instruction ID: 9341c93cd817b45b9d8f826b23555c4365af1e2b9301f4733848301bc386d4f9
            • Opcode Fuzzy Hash: d9575b2c52aafffbf42c29bb6013e9e059ccbd9d3d0eba2ce12c5fd6aa09f7e7
            • Instruction Fuzzy Hash: 3E315772620119DFDB21DF29DC40BFEB7F8FB54610F44459AEA49E3240EF309A549B60
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction ID: 4ae0482b05ab8b2d6285d22830b62db03794b62640541450e3d49402d684f9cd
            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction Fuzzy Hash: 9E91D270EA02079BEFA4DF6DC8C1ABEBBA5BF44320F94451AEE55E72C0E77089408711
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2427461865.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 94a65c59daebcc48f46851c736d1b79966e735a820168fa6a559fa1cc58ec16c
            • Instruction ID: 69cc35d6e7571ca55245ea9df21fd23d215e238bd75cb107da114d762d811b50
            • Opcode Fuzzy Hash: 94a65c59daebcc48f46851c736d1b79966e735a820168fa6a559fa1cc58ec16c
            • Instruction Fuzzy Hash: 8F812B71D1026ADBDB35CB54CC55BEEB7B8AB48714F0041EAEA19B7280D7709E84CFA4