Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO No. 0146850827805.exe

Overview

General Information

Sample name:PO No. 0146850827805.exe
Analysis ID:1545930
MD5:5ad592fcf46ee793fbf36e4c2ff67542
SHA1:8c14971e5999d6ab0bd37f3b22804180a6ecb5e6
SHA256:b8d4c86463b945f866e0396ecf65af0e67e55224eecce97b033e25e816eca01e
Tags:exeuser-lowmal3
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • PO No. 0146850827805.exe (PID: 1936 cmdline: "C:\Users\user\Desktop\PO No. 0146850827805.exe" MD5: 5AD592FCF46EE793FBF36E4C2FF67542)
    • PO No. 0146850827805.exe (PID: 7392 cmdline: "C:\Users\user\Desktop\PO No. 0146850827805.exe" MD5: 5AD592FCF46EE793FBF36E4C2FF67542)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.2310984519.0000000001330000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      Process Memory Space: PO No. 0146850827805.exe PID: 1936JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        5.2.PO No. 0146850827805.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          5.2.PO No. 0146850827805.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: PO No. 0146850827805.exeReversingLabs: Detection: 42%
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2310984519.0000000001330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: PO No. 0146850827805.exeJoe Sandbox ML: detected
            Source: PO No. 0146850827805.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO No. 0146850827805.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: XUea.pdbSHA256 source: PO No. 0146850827805.exe
            Source: Binary string: wntdll.pdbUGP source: PO No. 0146850827805.exe, 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO No. 0146850827805.exe, PO No. 0146850827805.exe, 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: XUea.pdb source: PO No. 0146850827805.exe
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: tse1.mm.bing.net
            Source: PO No. 0146850827805.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2310984519.0000000001330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0042C433 NtClose,5_2_0042C433
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040A9E3 NtAllocateVirtualMemory,5_2_0040A9E3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2B60 NtClose,LdrInitializeThunk,5_2_018F2B60
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_018F2DF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_018F2C70
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F35C0 NtCreateMutant,LdrInitializeThunk,5_2_018F35C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F4340 NtSetContextThread,5_2_018F4340
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F4650 NtSuspendThread,5_2_018F4650
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2B80 NtQueryInformationFile,5_2_018F2B80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2BA0 NtEnumerateValueKey,5_2_018F2BA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2BE0 NtQueryValueKey,5_2_018F2BE0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2BF0 NtAllocateVirtualMemory,5_2_018F2BF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2AB0 NtWaitForSingleObject,5_2_018F2AB0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2AD0 NtReadFile,5_2_018F2AD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2AF0 NtWriteFile,5_2_018F2AF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2DB0 NtEnumerateKey,5_2_018F2DB0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2DD0 NtDelayExecution,5_2_018F2DD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2D00 NtSetInformationFile,5_2_018F2D00
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2D10 NtMapViewOfSection,5_2_018F2D10
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2D30 NtUnmapViewOfSection,5_2_018F2D30
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2CA0 NtQueryInformationToken,5_2_018F2CA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2CC0 NtQueryVirtualMemory,5_2_018F2CC0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2CF0 NtOpenProcess,5_2_018F2CF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2C00 NtQueryInformationProcess,5_2_018F2C00
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2C60 NtCreateKey,5_2_018F2C60
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2F90 NtProtectVirtualMemory,5_2_018F2F90
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2FA0 NtQuerySection,5_2_018F2FA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2FB0 NtResumeThread,5_2_018F2FB0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2FE0 NtCreateFile,5_2_018F2FE0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2F30 NtCreateSection,5_2_018F2F30
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2F60 NtCreateProcessEx,5_2_018F2F60
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2E80 NtReadVirtualMemory,5_2_018F2E80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2EA0 NtAdjustPrivilegesToken,5_2_018F2EA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2EE0 NtQueueApcThread,5_2_018F2EE0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2E30 NtWriteVirtualMemory,5_2_018F2E30
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F3090 NtSetValueKey,5_2_018F3090
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F3010 NtOpenDirectoryObject,5_2_018F3010
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F39B0 NtGetContextThread,5_2_018F39B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F3D10 NtOpenProcessToken,5_2_018F3D10
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F3D70 NtOpenThread,5_2_018F3D70
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_029942040_2_02994204
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0299E1340_2_0299E134
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_029970180_2_02997018
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07280E280_2_07280E28
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0728A6400_2_0728A640
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0728C6B00_2_0728C6B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0728C2780_2_0728C278
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_072830D00_2_072830D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07283F770_2_07283F77
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07283F880_2_07283F88
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0728CF880_2_0728CF88
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07280E210_2_07280E21
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07283CEA0_2_07283CEA
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07283CF00_2_07283CF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0728AA780_2_0728AA78
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_004011105_2_00401110
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040E13B5_2_0040E13B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0042EAD35_2_0042EAD3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_004023705_2_00402370
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040FCC35_2_0040FCC3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_004166135_2_00416613
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040FEE35_2_0040FEE3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040DF635_2_0040DF63
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_004027105_2_00402710
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00402FD05_2_00402FD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019801AA5_2_019801AA
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019781CC5_2_019781CC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B01005_2_018B0100
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195A1185_2_0195A118
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019481585_2_01948158
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019520005_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE3F05_2_018CE3F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019803E65_2_019803E6
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197A3525_2_0197A352
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019402C05_2_019402C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019602745_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019805915_2_01980591
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C05355_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0196E4F65_2_0196E4F6
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019644205_2_01964420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019724465_2_01972446
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BC7C05_2_018BC7C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E47505_2_018E4750
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C07705_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DC6E05_2_018DC6E0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A05_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0198A9A65_2_0198A9A6
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D69625_2_018D6962
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A68B85_2_018A68B8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE8F05_2_018EE8F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CA8405_2_018CA840
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C28405_2_018C2840
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01976BD75_2_01976BD7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197AB405_2_0197AB40
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA805_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D8DBF5_2_018D8DBF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BADE05_2_018BADE0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195CD1F5_2_0195CD1F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CAD005_2_018CAD00
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960CB55_2_01960CB5
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0CF25_2_018B0CF2
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0C005_2_018C0C00
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193EFA05_2_0193EFA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B2FC85_2_018B2FC8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CCFE05_2_018CCFE0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01962F305_2_01962F30
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01902F285_2_01902F28
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E0F305_2_018E0F30
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01934F405_2_01934F40
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197CE935_2_0197CE93
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2E905_2_018D2E90
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197EEDB5_2_0197EEDB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197EE265_2_0197EE26
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0E595_2_018C0E59
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CB1B05_2_018CB1B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F516C5_2_018F516C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0198B16B5_2_0198B16B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AF1725_2_018AF172
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C70C05_2_018C70C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0196F0CC5_2_0196F0CC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197F0E05_2_0197F0E0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019770E95_2_019770E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0190739A5_2_0190739A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197132D5_2_0197132D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AD34C5_2_018AD34C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C52A05_2_018C52A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DB2C05_2_018DB2C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019612ED5_2_019612ED
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195D5B05_2_0195D5B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019775715_2_01977571
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197F43F5_2_0197F43F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B14605_2_018B1460
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197F7B05_2_0197F7B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019716CC5_2_019716CC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019559105_2_01955910
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C99505_2_018C9950
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DB9505_2_018DB950
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C38E05_2_018C38E0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192D8005_2_0192D800
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DFB805_2_018DFB80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01935BF05_2_01935BF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018FDBF95_2_018FDBF9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197FB765_2_0197FB76
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01905AA05_2_01905AA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01961AA35_2_01961AA3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195DAAC5_2_0195DAAC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0196DAC65_2_0196DAC6
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01977A465_2_01977A46
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197FA495_2_0197FA49
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01933A6C5_2_01933A6C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DFDC05_2_018DFDC0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C3D405_2_018C3D40
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01971D5A5_2_01971D5A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01977D735_2_01977D73
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197FCF25_2_0197FCF2
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01939C325_2_01939C32
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C1F925_2_018C1F92
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197FFB15_2_0197FFB1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197FF095_2_0197FF09
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C9EB05_2_018C9EB0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: String function: 0193F290 appears 105 times
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: String function: 018F5130 appears 58 times
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: String function: 018AB970 appears 278 times
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: String function: 01907E54 appears 102 times
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: String function: 0192EA12 appears 86 times
            Source: PO No. 0146850827805.exe, 00000000.00000000.2113101891.000000000083C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameXUea.exe: vs PO No. 0146850827805.exe
            Source: PO No. 0146850827805.exe, 00000000.00000002.2149884264.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO No. 0146850827805.exe
            Source: PO No. 0146850827805.exe, 00000000.00000002.2155440617.000000000B570000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO No. 0146850827805.exe
            Source: PO No. 0146850827805.exe, 00000000.00000002.2151404295.000000000436A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO No. 0146850827805.exe
            Source: PO No. 0146850827805.exe, 00000005.00000002.2311416978.00000000019AD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO No. 0146850827805.exe
            Source: PO No. 0146850827805.exeBinary or memory string: OriginalFilenameXUea.exe: vs PO No. 0146850827805.exe
            Source: PO No. 0146850827805.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO No. 0146850827805.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, Ly2n2FR1qPVAHNASeT.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, Ly2n2FR1qPVAHNASeT.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, WHEeAVIAhQ2VVqtDax.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, Ly2n2FR1qPVAHNASeT.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal80.troj.evad.winEXE@3/1@1/0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO No. 0146850827805.exe.logJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMutant created: NULL
            Source: PO No. 0146850827805.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: PO No. 0146850827805.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: PO No. 0146850827805.exeReversingLabs: Detection: 42%
            Source: unknownProcess created: C:\Users\user\Desktop\PO No. 0146850827805.exe "C:\Users\user\Desktop\PO No. 0146850827805.exe"
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess created: C:\Users\user\Desktop\PO No. 0146850827805.exe "C:\Users\user\Desktop\PO No. 0146850827805.exe"
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess created: C:\Users\user\Desktop\PO No. 0146850827805.exe "C:\Users\user\Desktop\PO No. 0146850827805.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: PO No. 0146850827805.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO No. 0146850827805.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: PO No. 0146850827805.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: XUea.pdbSHA256 source: PO No. 0146850827805.exe
            Source: Binary string: wntdll.pdbUGP source: PO No. 0146850827805.exe, 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO No. 0146850827805.exe, PO No. 0146850827805.exe, 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: XUea.pdb source: PO No. 0146850827805.exe

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, WHEeAVIAhQ2VVqtDax.cs.Net Code: myD7QjxHmp System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, WHEeAVIAhQ2VVqtDax.cs.Net Code: myD7QjxHmp System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO No. 0146850827805.exe.7250000.2.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, WHEeAVIAhQ2VVqtDax.cs.Net Code: myD7QjxHmp System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_0728A065 pushad ; retf 0_2_0728A066
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 0_2_07285EA2 pushfd ; ret 0_2_07285EB1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00406155 push ss; retf 5_2_00406160
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00403270 push eax; ret 5_2_00403272
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040227F pushad ; retf 5_2_00402280
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0040BB30 push eax; ret 5_2_0040BB31
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0041F3C9 push ss; retf 5_2_0041F3CB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00404DCD push ebx; iretd 5_2_00404DD8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_004066BD push edx; iretd 5_2_004066BF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00413F7E pushad ; retf 5_2_00414025
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00413FC5 pushad ; retf 5_2_00414025
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B09AD push ecx; mov dword ptr [esp], ecx5_2_018B09B6
            Source: PO No. 0146850827805.exeStatic PE information: section name: .text entropy: 7.6971538943693485
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, RB1vHqz96hDBHdnj3E.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uUFPNbuba9', 'xOLP6o72xI', 'qZYPhjVgj6', 'SPeP41bKYs', 'UsZPYddF8U', 'WoZPPZwIdN', 'NxaPp1loZx'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, cFTWdEqkulx2PkBiFIP.csHigh entropy of concatenated method names: 'mECPsMnwHy', 'n2UPrA9V93', 'I9bPQ5UaPc', 'VvqPlbvHFl', 'plUPu1Il7W', 'PMaPJYdMGk', 'JK1P9dSbky', 'pPwPMUG84l', 'OXVPZBDMtN', 'TMcPy0JR2q'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, zb6SZaye83i9fbm1kr.csHigh entropy of concatenated method names: 'yMsqlB7XmF', 'pObqJRHPVX', 'QuiqMoxAXD', 'eCYqZAEuYG', 'ohGq6N8VVX', 'gtxqhMS1XH', 'WjJq41JM69', 'qXyqYarUhL', 'gPrqPwMNDc', 'Wi4qpA5qmE'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, Ly2n2FR1qPVAHNASeT.csHigh entropy of concatenated method names: 'NXBOoO523i', 'cK4OgMGtkY', 'W2cOGARxxa', 'HUnO2s16Ml', 'tG2OiEPsvl', 'jvPOSTBCGk', 'PH0Oty2Oq0', 'uj7ORUNXLt', 'Pv2OCp4hx6', 'NoqO0He2ll'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, WHEeAVIAhQ2VVqtDax.csHigh entropy of concatenated method names: 'g6vwbB90jn', 'RiMwBhBj2Y', 'H8pwO9uby7', 'eb6wq2K4mK', 'esxwUW21NT', 'vDcwEAnPUa', 'aOcwm7WOJp', 'qKUwXgKOf7', 'L8pwv1CInF', 'wuIwDw1wDC'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, J16PouoGu9k3usmwgB.csHigh entropy of concatenated method names: 'x9dYBxBDHc', 'VuOYOhYc5V', 'FAOYqmdaIo', 'S4MYUZQbOA', 'iWvYEu0IuC', 'kQxYmXtKN8', 'PqYYXlNNlV', 'iRKYvf9uaL', 'klMYDIY0WN', 'asMYnS6RDY'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, Y8usZfvnSJVhgExt2Z.csHigh entropy of concatenated method names: 'BOAUu29ol3', 'zjhU9CWC2k', 'GyFqAx2QbH', 'd9kqk7SJF0', 'A9WqfINa5g', 'rBxqx7m1Z3', 'VqtqVVIRQY', 'PLYq3yBfob', 'ISbq89oEw0', 'Hv5qTrvmKv'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, AEwrW5nDVN63CBRCaS.csHigh entropy of concatenated method names: 'ijZEbuBS0Z', 'CivEOs49cL', 'vi3EUP39OU', 'eypEmyhJgc', 'xlQEXAX6UA', 'OcDUiYSvcq', 'T3sUSV8Ypy', 'GqYUtaAESj', 'UjPURii7Rw', 'gaFUC4pu08'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, GMDAjppPN1UPYqfMoi.csHigh entropy of concatenated method names: 'h69msvMnwc', 'IQsmrubmbP', 'BUkmQTw4he', 'RNWmlZdCJ3', 'aHymuAAB20', 'RSmmJw8MOI', 'Ream9ZAViE', 'UfPmMvPrQq', 'j9amZX0IRM', 'Q12myCadgt'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, tkoYBGSdJeoOIdmjLA.csHigh entropy of concatenated method names: 'sZb6T2TXEu', 'sq96a4r8wP', 'oZ56oP6ckd', 'bIa6g5cGph', 'bRM61WxA5n', 'KO26AhWeZc', 'Teu6k1u56k', 'fpi6fx4QLi', 'a2a6xj1dTC', 'BDg6VmMZPX'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, ocLljcruWS3sK0t2rF.csHigh entropy of concatenated method names: 'ToString', 'VRDhIYPpqi', 'Ncmh18oxR8', 'f0ZhA98yHa', 'CswhkKC31s', 'O45hfyZFYY', 'jWJhx0tSVD', 'mcrhVA7nhL', 'WMUh3YxkTf', 'AmDh8d2qB1'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, PsJu0yx9sCp8HrLcYr.csHigh entropy of concatenated method names: 'M2kPKY3pii', 'Qx7PwbQfLe', 'xxbP73oEQT', 'MlBPBk5Wiv', 'Ik8POq0YuR', 'zqBPUIk4Gq', 'aZkPE3HYiE', 'vidYtOJ9Ea', 'rJDYRclWjc', 'NuDYCAeJOY'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, lT8REygkyjK3OLql1J.csHigh entropy of concatenated method names: 'Pt7mBaeyDq', 'csbmqLKNND', 'jJJmEtPTgX', 'tZgE0DU4LY', 'k2UEzOibAV', 'LoEmLseMGq', 'zgwmK4qDl6', 'S9ym51X97j', 'IhcmwfvqLU', 'xAIm72wTFu'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, z0ec5vfTIxmhrCL2R3.csHigh entropy of concatenated method names: 'elmNMtFhQZ', 'R77NZSp4et', 'me6NHVxY0u', 'PAEN1tNuwx', 'vQUNk2Y9oP', 'ntBNf7093M', 'oPINVyOesy', 'W2LN3LIhPX', 'IB3NToknjr', 'O7FNIN2CSk'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, j0uJiSWUUk6Xq8FhWL.csHigh entropy of concatenated method names: 'PRUYHT5M2B', 'unpY178P9A', 'iAbYAGnEG1', 'CKSYkY3xuf', 'w7rYoj2j3q', 'kTFYf2XfLQ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, Cas5vlUCGsJqWwcGaV.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'w1O5CG9nV1', 'Htd50tlNG9', 'tpt5zNAbAi', 'oFhwLGx8Lr', 'tsOwKIOoW3', 'Jiaw5GdpLl', 'UZ1wwAF43n', 'dlPUH7gZsDs56x6A1Kb'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, pRbWak6bSSkWNkKJjV.csHigh entropy of concatenated method names: 'HpHQPBqGM', 'WSPln5vL5', 'rE7JTUWta', 'lV09wylf7', 'K3yZjLqtd', 'y40ygb6gl', 'FD097lror8wcpr7ZjD', 'yapLlUeR8VbLpMpqQk', 'Q95YVJvDI', 'nXepXntTZ'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, UQrExRZoqktKXyNIAe.csHigh entropy of concatenated method names: 'NIZKmbAG5q', 'X88KXHEonh', 'swLKDfaqwk', 'VAwKnQj8ZN', 'dZqK6pJ3E7', 'IP0KhQuqu8', 'dy0vYGQBRNqiLFRGJO', 'T7XwXX96kTb1mOhbXi', 'n1JKKOfVsD', 'wG4KwKClGO'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, On7kxQHpLldMPh9A3I.csHigh entropy of concatenated method names: 'Nmo4RZ7w2v', 'hhE40ePaiT', 'dl5YL59BhT', 'C0eYKtr0EU', 'db84ICB1SB', 'Uuy4a5LkjS', 'Pql4WWVTjo', 'qE74oyhEei', 'hcc4gCnCoK', 'mbL4GLBYNN'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, VvaRBJjjrIGGmwMvqy.csHigh entropy of concatenated method names: 'Dispose', 'Xm5KCmHn6T', 'mJn51jF45B', 'XQLeesLdwc', 'AqSK0vIgcm', 'YFQKzjYfAy', 'ProcessDialogKey', 'vam5LLSJM2', 'gWQ5KW3SbU', 'uWN556ptXk'
            Source: 0.2.PO No. 0146850827805.exe.4628490.1.raw.unpack, gjAuOPqB1oROb0fHjoo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'J24poQoPTh', 'BYjpgkRxX3', 'HgipGj68uX', 'ap8p2yml9g', 'aCOpi8Fl0M', 'xB8pS2M2Ht', 'Aokptop3Eq'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, RB1vHqz96hDBHdnj3E.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uUFPNbuba9', 'xOLP6o72xI', 'qZYPhjVgj6', 'SPeP41bKYs', 'UsZPYddF8U', 'WoZPPZwIdN', 'NxaPp1loZx'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, cFTWdEqkulx2PkBiFIP.csHigh entropy of concatenated method names: 'mECPsMnwHy', 'n2UPrA9V93', 'I9bPQ5UaPc', 'VvqPlbvHFl', 'plUPu1Il7W', 'PMaPJYdMGk', 'JK1P9dSbky', 'pPwPMUG84l', 'OXVPZBDMtN', 'TMcPy0JR2q'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, zb6SZaye83i9fbm1kr.csHigh entropy of concatenated method names: 'yMsqlB7XmF', 'pObqJRHPVX', 'QuiqMoxAXD', 'eCYqZAEuYG', 'ohGq6N8VVX', 'gtxqhMS1XH', 'WjJq41JM69', 'qXyqYarUhL', 'gPrqPwMNDc', 'Wi4qpA5qmE'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, Ly2n2FR1qPVAHNASeT.csHigh entropy of concatenated method names: 'NXBOoO523i', 'cK4OgMGtkY', 'W2cOGARxxa', 'HUnO2s16Ml', 'tG2OiEPsvl', 'jvPOSTBCGk', 'PH0Oty2Oq0', 'uj7ORUNXLt', 'Pv2OCp4hx6', 'NoqO0He2ll'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, WHEeAVIAhQ2VVqtDax.csHigh entropy of concatenated method names: 'g6vwbB90jn', 'RiMwBhBj2Y', 'H8pwO9uby7', 'eb6wq2K4mK', 'esxwUW21NT', 'vDcwEAnPUa', 'aOcwm7WOJp', 'qKUwXgKOf7', 'L8pwv1CInF', 'wuIwDw1wDC'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, J16PouoGu9k3usmwgB.csHigh entropy of concatenated method names: 'x9dYBxBDHc', 'VuOYOhYc5V', 'FAOYqmdaIo', 'S4MYUZQbOA', 'iWvYEu0IuC', 'kQxYmXtKN8', 'PqYYXlNNlV', 'iRKYvf9uaL', 'klMYDIY0WN', 'asMYnS6RDY'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, Y8usZfvnSJVhgExt2Z.csHigh entropy of concatenated method names: 'BOAUu29ol3', 'zjhU9CWC2k', 'GyFqAx2QbH', 'd9kqk7SJF0', 'A9WqfINa5g', 'rBxqx7m1Z3', 'VqtqVVIRQY', 'PLYq3yBfob', 'ISbq89oEw0', 'Hv5qTrvmKv'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, AEwrW5nDVN63CBRCaS.csHigh entropy of concatenated method names: 'ijZEbuBS0Z', 'CivEOs49cL', 'vi3EUP39OU', 'eypEmyhJgc', 'xlQEXAX6UA', 'OcDUiYSvcq', 'T3sUSV8Ypy', 'GqYUtaAESj', 'UjPURii7Rw', 'gaFUC4pu08'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, GMDAjppPN1UPYqfMoi.csHigh entropy of concatenated method names: 'h69msvMnwc', 'IQsmrubmbP', 'BUkmQTw4he', 'RNWmlZdCJ3', 'aHymuAAB20', 'RSmmJw8MOI', 'Ream9ZAViE', 'UfPmMvPrQq', 'j9amZX0IRM', 'Q12myCadgt'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, tkoYBGSdJeoOIdmjLA.csHigh entropy of concatenated method names: 'sZb6T2TXEu', 'sq96a4r8wP', 'oZ56oP6ckd', 'bIa6g5cGph', 'bRM61WxA5n', 'KO26AhWeZc', 'Teu6k1u56k', 'fpi6fx4QLi', 'a2a6xj1dTC', 'BDg6VmMZPX'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, ocLljcruWS3sK0t2rF.csHigh entropy of concatenated method names: 'ToString', 'VRDhIYPpqi', 'Ncmh18oxR8', 'f0ZhA98yHa', 'CswhkKC31s', 'O45hfyZFYY', 'jWJhx0tSVD', 'mcrhVA7nhL', 'WMUh3YxkTf', 'AmDh8d2qB1'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, PsJu0yx9sCp8HrLcYr.csHigh entropy of concatenated method names: 'M2kPKY3pii', 'Qx7PwbQfLe', 'xxbP73oEQT', 'MlBPBk5Wiv', 'Ik8POq0YuR', 'zqBPUIk4Gq', 'aZkPE3HYiE', 'vidYtOJ9Ea', 'rJDYRclWjc', 'NuDYCAeJOY'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, lT8REygkyjK3OLql1J.csHigh entropy of concatenated method names: 'Pt7mBaeyDq', 'csbmqLKNND', 'jJJmEtPTgX', 'tZgE0DU4LY', 'k2UEzOibAV', 'LoEmLseMGq', 'zgwmK4qDl6', 'S9ym51X97j', 'IhcmwfvqLU', 'xAIm72wTFu'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, z0ec5vfTIxmhrCL2R3.csHigh entropy of concatenated method names: 'elmNMtFhQZ', 'R77NZSp4et', 'me6NHVxY0u', 'PAEN1tNuwx', 'vQUNk2Y9oP', 'ntBNf7093M', 'oPINVyOesy', 'W2LN3LIhPX', 'IB3NToknjr', 'O7FNIN2CSk'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, j0uJiSWUUk6Xq8FhWL.csHigh entropy of concatenated method names: 'PRUYHT5M2B', 'unpY178P9A', 'iAbYAGnEG1', 'CKSYkY3xuf', 'w7rYoj2j3q', 'kTFYf2XfLQ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, Cas5vlUCGsJqWwcGaV.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'w1O5CG9nV1', 'Htd50tlNG9', 'tpt5zNAbAi', 'oFhwLGx8Lr', 'tsOwKIOoW3', 'Jiaw5GdpLl', 'UZ1wwAF43n', 'dlPUH7gZsDs56x6A1Kb'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, pRbWak6bSSkWNkKJjV.csHigh entropy of concatenated method names: 'HpHQPBqGM', 'WSPln5vL5', 'rE7JTUWta', 'lV09wylf7', 'K3yZjLqtd', 'y40ygb6gl', 'FD097lror8wcpr7ZjD', 'yapLlUeR8VbLpMpqQk', 'Q95YVJvDI', 'nXepXntTZ'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, UQrExRZoqktKXyNIAe.csHigh entropy of concatenated method names: 'NIZKmbAG5q', 'X88KXHEonh', 'swLKDfaqwk', 'VAwKnQj8ZN', 'dZqK6pJ3E7', 'IP0KhQuqu8', 'dy0vYGQBRNqiLFRGJO', 'T7XwXX96kTb1mOhbXi', 'n1JKKOfVsD', 'wG4KwKClGO'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, On7kxQHpLldMPh9A3I.csHigh entropy of concatenated method names: 'Nmo4RZ7w2v', 'hhE40ePaiT', 'dl5YL59BhT', 'C0eYKtr0EU', 'db84ICB1SB', 'Uuy4a5LkjS', 'Pql4WWVTjo', 'qE74oyhEei', 'hcc4gCnCoK', 'mbL4GLBYNN'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, VvaRBJjjrIGGmwMvqy.csHigh entropy of concatenated method names: 'Dispose', 'Xm5KCmHn6T', 'mJn51jF45B', 'XQLeesLdwc', 'AqSK0vIgcm', 'YFQKzjYfAy', 'ProcessDialogKey', 'vam5LLSJM2', 'gWQ5KW3SbU', 'uWN556ptXk'
            Source: 0.2.PO No. 0146850827805.exe.b570000.3.raw.unpack, gjAuOPqB1oROb0fHjoo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'J24poQoPTh', 'BYjpgkRxX3', 'HgipGj68uX', 'ap8p2yml9g', 'aCOpi8Fl0M', 'xB8pS2M2Ht', 'Aokptop3Eq'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, RB1vHqz96hDBHdnj3E.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uUFPNbuba9', 'xOLP6o72xI', 'qZYPhjVgj6', 'SPeP41bKYs', 'UsZPYddF8U', 'WoZPPZwIdN', 'NxaPp1loZx'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, cFTWdEqkulx2PkBiFIP.csHigh entropy of concatenated method names: 'mECPsMnwHy', 'n2UPrA9V93', 'I9bPQ5UaPc', 'VvqPlbvHFl', 'plUPu1Il7W', 'PMaPJYdMGk', 'JK1P9dSbky', 'pPwPMUG84l', 'OXVPZBDMtN', 'TMcPy0JR2q'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, zb6SZaye83i9fbm1kr.csHigh entropy of concatenated method names: 'yMsqlB7XmF', 'pObqJRHPVX', 'QuiqMoxAXD', 'eCYqZAEuYG', 'ohGq6N8VVX', 'gtxqhMS1XH', 'WjJq41JM69', 'qXyqYarUhL', 'gPrqPwMNDc', 'Wi4qpA5qmE'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, Ly2n2FR1qPVAHNASeT.csHigh entropy of concatenated method names: 'NXBOoO523i', 'cK4OgMGtkY', 'W2cOGARxxa', 'HUnO2s16Ml', 'tG2OiEPsvl', 'jvPOSTBCGk', 'PH0Oty2Oq0', 'uj7ORUNXLt', 'Pv2OCp4hx6', 'NoqO0He2ll'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, WHEeAVIAhQ2VVqtDax.csHigh entropy of concatenated method names: 'g6vwbB90jn', 'RiMwBhBj2Y', 'H8pwO9uby7', 'eb6wq2K4mK', 'esxwUW21NT', 'vDcwEAnPUa', 'aOcwm7WOJp', 'qKUwXgKOf7', 'L8pwv1CInF', 'wuIwDw1wDC'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, J16PouoGu9k3usmwgB.csHigh entropy of concatenated method names: 'x9dYBxBDHc', 'VuOYOhYc5V', 'FAOYqmdaIo', 'S4MYUZQbOA', 'iWvYEu0IuC', 'kQxYmXtKN8', 'PqYYXlNNlV', 'iRKYvf9uaL', 'klMYDIY0WN', 'asMYnS6RDY'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, Y8usZfvnSJVhgExt2Z.csHigh entropy of concatenated method names: 'BOAUu29ol3', 'zjhU9CWC2k', 'GyFqAx2QbH', 'd9kqk7SJF0', 'A9WqfINa5g', 'rBxqx7m1Z3', 'VqtqVVIRQY', 'PLYq3yBfob', 'ISbq89oEw0', 'Hv5qTrvmKv'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, AEwrW5nDVN63CBRCaS.csHigh entropy of concatenated method names: 'ijZEbuBS0Z', 'CivEOs49cL', 'vi3EUP39OU', 'eypEmyhJgc', 'xlQEXAX6UA', 'OcDUiYSvcq', 'T3sUSV8Ypy', 'GqYUtaAESj', 'UjPURii7Rw', 'gaFUC4pu08'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, GMDAjppPN1UPYqfMoi.csHigh entropy of concatenated method names: 'h69msvMnwc', 'IQsmrubmbP', 'BUkmQTw4he', 'RNWmlZdCJ3', 'aHymuAAB20', 'RSmmJw8MOI', 'Ream9ZAViE', 'UfPmMvPrQq', 'j9amZX0IRM', 'Q12myCadgt'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, tkoYBGSdJeoOIdmjLA.csHigh entropy of concatenated method names: 'sZb6T2TXEu', 'sq96a4r8wP', 'oZ56oP6ckd', 'bIa6g5cGph', 'bRM61WxA5n', 'KO26AhWeZc', 'Teu6k1u56k', 'fpi6fx4QLi', 'a2a6xj1dTC', 'BDg6VmMZPX'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, ocLljcruWS3sK0t2rF.csHigh entropy of concatenated method names: 'ToString', 'VRDhIYPpqi', 'Ncmh18oxR8', 'f0ZhA98yHa', 'CswhkKC31s', 'O45hfyZFYY', 'jWJhx0tSVD', 'mcrhVA7nhL', 'WMUh3YxkTf', 'AmDh8d2qB1'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, PsJu0yx9sCp8HrLcYr.csHigh entropy of concatenated method names: 'M2kPKY3pii', 'Qx7PwbQfLe', 'xxbP73oEQT', 'MlBPBk5Wiv', 'Ik8POq0YuR', 'zqBPUIk4Gq', 'aZkPE3HYiE', 'vidYtOJ9Ea', 'rJDYRclWjc', 'NuDYCAeJOY'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, lT8REygkyjK3OLql1J.csHigh entropy of concatenated method names: 'Pt7mBaeyDq', 'csbmqLKNND', 'jJJmEtPTgX', 'tZgE0DU4LY', 'k2UEzOibAV', 'LoEmLseMGq', 'zgwmK4qDl6', 'S9ym51X97j', 'IhcmwfvqLU', 'xAIm72wTFu'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, z0ec5vfTIxmhrCL2R3.csHigh entropy of concatenated method names: 'elmNMtFhQZ', 'R77NZSp4et', 'me6NHVxY0u', 'PAEN1tNuwx', 'vQUNk2Y9oP', 'ntBNf7093M', 'oPINVyOesy', 'W2LN3LIhPX', 'IB3NToknjr', 'O7FNIN2CSk'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, j0uJiSWUUk6Xq8FhWL.csHigh entropy of concatenated method names: 'PRUYHT5M2B', 'unpY178P9A', 'iAbYAGnEG1', 'CKSYkY3xuf', 'w7rYoj2j3q', 'kTFYf2XfLQ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, Cas5vlUCGsJqWwcGaV.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'w1O5CG9nV1', 'Htd50tlNG9', 'tpt5zNAbAi', 'oFhwLGx8Lr', 'tsOwKIOoW3', 'Jiaw5GdpLl', 'UZ1wwAF43n', 'dlPUH7gZsDs56x6A1Kb'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, pRbWak6bSSkWNkKJjV.csHigh entropy of concatenated method names: 'HpHQPBqGM', 'WSPln5vL5', 'rE7JTUWta', 'lV09wylf7', 'K3yZjLqtd', 'y40ygb6gl', 'FD097lror8wcpr7ZjD', 'yapLlUeR8VbLpMpqQk', 'Q95YVJvDI', 'nXepXntTZ'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, UQrExRZoqktKXyNIAe.csHigh entropy of concatenated method names: 'NIZKmbAG5q', 'X88KXHEonh', 'swLKDfaqwk', 'VAwKnQj8ZN', 'dZqK6pJ3E7', 'IP0KhQuqu8', 'dy0vYGQBRNqiLFRGJO', 'T7XwXX96kTb1mOhbXi', 'n1JKKOfVsD', 'wG4KwKClGO'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, On7kxQHpLldMPh9A3I.csHigh entropy of concatenated method names: 'Nmo4RZ7w2v', 'hhE40ePaiT', 'dl5YL59BhT', 'C0eYKtr0EU', 'db84ICB1SB', 'Uuy4a5LkjS', 'Pql4WWVTjo', 'qE74oyhEei', 'hcc4gCnCoK', 'mbL4GLBYNN'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, VvaRBJjjrIGGmwMvqy.csHigh entropy of concatenated method names: 'Dispose', 'Xm5KCmHn6T', 'mJn51jF45B', 'XQLeesLdwc', 'AqSK0vIgcm', 'YFQKzjYfAy', 'ProcessDialogKey', 'vam5LLSJM2', 'gWQ5KW3SbU', 'uWN556ptXk'
            Source: 0.2.PO No. 0146850827805.exe.45a0670.0.raw.unpack, gjAuOPqB1oROb0fHjoo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'J24poQoPTh', 'BYjpgkRxX3', 'HgipGj68uX', 'ap8p2yml9g', 'aCOpi8Fl0M', 'xB8pS2M2Ht', 'Aokptop3Eq'
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: PO No. 0146850827805.exe PID: 1936, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: 2950000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: 2B10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: 4B10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: 8E20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: 9E20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: A030000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: B030000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: B610000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: C610000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F096E rdtsc 5_2_018F096E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeAPI coverage: 0.7 %
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exe TID: 5644Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exe TID: 7396Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F096E rdtsc 5_2_018F096E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_00417563 LdrLoadDll,5_2_00417563
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F0185 mov eax, dword ptr fs:[00000030h]5_2_018F0185
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193019F mov eax, dword ptr fs:[00000030h]5_2_0193019F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193019F mov eax, dword ptr fs:[00000030h]5_2_0193019F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193019F mov eax, dword ptr fs:[00000030h]5_2_0193019F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193019F mov eax, dword ptr fs:[00000030h]5_2_0193019F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01954180 mov eax, dword ptr fs:[00000030h]5_2_01954180
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01954180 mov eax, dword ptr fs:[00000030h]5_2_01954180
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AA197 mov eax, dword ptr fs:[00000030h]5_2_018AA197
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AA197 mov eax, dword ptr fs:[00000030h]5_2_018AA197
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AA197 mov eax, dword ptr fs:[00000030h]5_2_018AA197
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0196C188 mov eax, dword ptr fs:[00000030h]5_2_0196C188
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0196C188 mov eax, dword ptr fs:[00000030h]5_2_0196C188
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E1D0 mov eax, dword ptr fs:[00000030h]5_2_0192E1D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E1D0 mov eax, dword ptr fs:[00000030h]5_2_0192E1D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E1D0 mov ecx, dword ptr fs:[00000030h]5_2_0192E1D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E1D0 mov eax, dword ptr fs:[00000030h]5_2_0192E1D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E1D0 mov eax, dword ptr fs:[00000030h]5_2_0192E1D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019761C3 mov eax, dword ptr fs:[00000030h]5_2_019761C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019761C3 mov eax, dword ptr fs:[00000030h]5_2_019761C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E01F8 mov eax, dword ptr fs:[00000030h]5_2_018E01F8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019861E5 mov eax, dword ptr fs:[00000030h]5_2_019861E5
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01970115 mov eax, dword ptr fs:[00000030h]5_2_01970115
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195A118 mov ecx, dword ptr fs:[00000030h]5_2_0195A118
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195A118 mov eax, dword ptr fs:[00000030h]5_2_0195A118
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195A118 mov eax, dword ptr fs:[00000030h]5_2_0195A118
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195A118 mov eax, dword ptr fs:[00000030h]5_2_0195A118
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov eax, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov ecx, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov eax, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov eax, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov ecx, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov eax, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov eax, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov ecx, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov eax, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E10E mov ecx, dword ptr fs:[00000030h]5_2_0195E10E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E0124 mov eax, dword ptr fs:[00000030h]5_2_018E0124
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01948158 mov eax, dword ptr fs:[00000030h]5_2_01948158
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01944144 mov eax, dword ptr fs:[00000030h]5_2_01944144
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01944144 mov eax, dword ptr fs:[00000030h]5_2_01944144
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01944144 mov ecx, dword ptr fs:[00000030h]5_2_01944144
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01944144 mov eax, dword ptr fs:[00000030h]5_2_01944144
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01944144 mov eax, dword ptr fs:[00000030h]5_2_01944144
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AC156 mov eax, dword ptr fs:[00000030h]5_2_018AC156
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6154 mov eax, dword ptr fs:[00000030h]5_2_018B6154
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6154 mov eax, dword ptr fs:[00000030h]5_2_018B6154
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B208A mov eax, dword ptr fs:[00000030h]5_2_018B208A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019760B8 mov eax, dword ptr fs:[00000030h]5_2_019760B8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019760B8 mov ecx, dword ptr fs:[00000030h]5_2_019760B8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019480A8 mov eax, dword ptr fs:[00000030h]5_2_019480A8
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019320DE mov eax, dword ptr fs:[00000030h]5_2_019320DE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B80E9 mov eax, dword ptr fs:[00000030h]5_2_018B80E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AA0E3 mov ecx, dword ptr fs:[00000030h]5_2_018AA0E3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019360E0 mov eax, dword ptr fs:[00000030h]5_2_019360E0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AC0F0 mov eax, dword ptr fs:[00000030h]5_2_018AC0F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F20F0 mov ecx, dword ptr fs:[00000030h]5_2_018F20F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01934000 mov ecx, dword ptr fs:[00000030h]5_2_01934000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01952000 mov eax, dword ptr fs:[00000030h]5_2_01952000
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE016 mov eax, dword ptr fs:[00000030h]5_2_018CE016
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE016 mov eax, dword ptr fs:[00000030h]5_2_018CE016
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE016 mov eax, dword ptr fs:[00000030h]5_2_018CE016
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE016 mov eax, dword ptr fs:[00000030h]5_2_018CE016
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01946030 mov eax, dword ptr fs:[00000030h]5_2_01946030
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AA020 mov eax, dword ptr fs:[00000030h]5_2_018AA020
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AC020 mov eax, dword ptr fs:[00000030h]5_2_018AC020
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936050 mov eax, dword ptr fs:[00000030h]5_2_01936050
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B2050 mov eax, dword ptr fs:[00000030h]5_2_018B2050
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DC073 mov eax, dword ptr fs:[00000030h]5_2_018DC073
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AE388 mov eax, dword ptr fs:[00000030h]5_2_018AE388
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AE388 mov eax, dword ptr fs:[00000030h]5_2_018AE388
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AE388 mov eax, dword ptr fs:[00000030h]5_2_018AE388
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D438F mov eax, dword ptr fs:[00000030h]5_2_018D438F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D438F mov eax, dword ptr fs:[00000030h]5_2_018D438F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A8397 mov eax, dword ptr fs:[00000030h]5_2_018A8397
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A8397 mov eax, dword ptr fs:[00000030h]5_2_018A8397
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A8397 mov eax, dword ptr fs:[00000030h]5_2_018A8397
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019543D4 mov eax, dword ptr fs:[00000030h]5_2_019543D4
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019543D4 mov eax, dword ptr fs:[00000030h]5_2_019543D4
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA3C0 mov eax, dword ptr fs:[00000030h]5_2_018BA3C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA3C0 mov eax, dword ptr fs:[00000030h]5_2_018BA3C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA3C0 mov eax, dword ptr fs:[00000030h]5_2_018BA3C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA3C0 mov eax, dword ptr fs:[00000030h]5_2_018BA3C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA3C0 mov eax, dword ptr fs:[00000030h]5_2_018BA3C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA3C0 mov eax, dword ptr fs:[00000030h]5_2_018BA3C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B83C0 mov eax, dword ptr fs:[00000030h]5_2_018B83C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B83C0 mov eax, dword ptr fs:[00000030h]5_2_018B83C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B83C0 mov eax, dword ptr fs:[00000030h]5_2_018B83C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B83C0 mov eax, dword ptr fs:[00000030h]5_2_018B83C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E3DB mov eax, dword ptr fs:[00000030h]5_2_0195E3DB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E3DB mov eax, dword ptr fs:[00000030h]5_2_0195E3DB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E3DB mov ecx, dword ptr fs:[00000030h]5_2_0195E3DB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195E3DB mov eax, dword ptr fs:[00000030h]5_2_0195E3DB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019363C0 mov eax, dword ptr fs:[00000030h]5_2_019363C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0196C3CD mov eax, dword ptr fs:[00000030h]5_2_0196C3CD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C03E9 mov eax, dword ptr fs:[00000030h]5_2_018C03E9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E63FF mov eax, dword ptr fs:[00000030h]5_2_018E63FF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE3F0 mov eax, dword ptr fs:[00000030h]5_2_018CE3F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE3F0 mov eax, dword ptr fs:[00000030h]5_2_018CE3F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE3F0 mov eax, dword ptr fs:[00000030h]5_2_018CE3F0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA30B mov eax, dword ptr fs:[00000030h]5_2_018EA30B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA30B mov eax, dword ptr fs:[00000030h]5_2_018EA30B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA30B mov eax, dword ptr fs:[00000030h]5_2_018EA30B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AC310 mov ecx, dword ptr fs:[00000030h]5_2_018AC310
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D0310 mov ecx, dword ptr fs:[00000030h]5_2_018D0310
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197A352 mov eax, dword ptr fs:[00000030h]5_2_0197A352
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01958350 mov ecx, dword ptr fs:[00000030h]5_2_01958350
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193035C mov eax, dword ptr fs:[00000030h]5_2_0193035C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193035C mov eax, dword ptr fs:[00000030h]5_2_0193035C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193035C mov eax, dword ptr fs:[00000030h]5_2_0193035C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193035C mov ecx, dword ptr fs:[00000030h]5_2_0193035C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193035C mov eax, dword ptr fs:[00000030h]5_2_0193035C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193035C mov eax, dword ptr fs:[00000030h]5_2_0193035C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01932349 mov eax, dword ptr fs:[00000030h]5_2_01932349
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195437C mov eax, dword ptr fs:[00000030h]5_2_0195437C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE284 mov eax, dword ptr fs:[00000030h]5_2_018EE284
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE284 mov eax, dword ptr fs:[00000030h]5_2_018EE284
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01930283 mov eax, dword ptr fs:[00000030h]5_2_01930283
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01930283 mov eax, dword ptr fs:[00000030h]5_2_01930283
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01930283 mov eax, dword ptr fs:[00000030h]5_2_01930283
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019462A0 mov eax, dword ptr fs:[00000030h]5_2_019462A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019462A0 mov ecx, dword ptr fs:[00000030h]5_2_019462A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019462A0 mov eax, dword ptr fs:[00000030h]5_2_019462A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019462A0 mov eax, dword ptr fs:[00000030h]5_2_019462A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019462A0 mov eax, dword ptr fs:[00000030h]5_2_019462A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019462A0 mov eax, dword ptr fs:[00000030h]5_2_019462A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA2C3 mov eax, dword ptr fs:[00000030h]5_2_018BA2C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA2C3 mov eax, dword ptr fs:[00000030h]5_2_018BA2C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA2C3 mov eax, dword ptr fs:[00000030h]5_2_018BA2C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA2C3 mov eax, dword ptr fs:[00000030h]5_2_018BA2C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA2C3 mov eax, dword ptr fs:[00000030h]5_2_018BA2C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C02E1 mov eax, dword ptr fs:[00000030h]5_2_018C02E1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C02E1 mov eax, dword ptr fs:[00000030h]5_2_018C02E1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C02E1 mov eax, dword ptr fs:[00000030h]5_2_018C02E1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A823B mov eax, dword ptr fs:[00000030h]5_2_018A823B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01938243 mov eax, dword ptr fs:[00000030h]5_2_01938243
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01938243 mov ecx, dword ptr fs:[00000030h]5_2_01938243
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6259 mov eax, dword ptr fs:[00000030h]5_2_018B6259
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AA250 mov eax, dword ptr fs:[00000030h]5_2_018AA250
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A826B mov eax, dword ptr fs:[00000030h]5_2_018A826B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01960274 mov eax, dword ptr fs:[00000030h]5_2_01960274
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4260 mov eax, dword ptr fs:[00000030h]5_2_018B4260
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4260 mov eax, dword ptr fs:[00000030h]5_2_018B4260
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4260 mov eax, dword ptr fs:[00000030h]5_2_018B4260
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E4588 mov eax, dword ptr fs:[00000030h]5_2_018E4588
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B2582 mov eax, dword ptr fs:[00000030h]5_2_018B2582
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B2582 mov ecx, dword ptr fs:[00000030h]5_2_018B2582
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE59C mov eax, dword ptr fs:[00000030h]5_2_018EE59C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019305A7 mov eax, dword ptr fs:[00000030h]5_2_019305A7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019305A7 mov eax, dword ptr fs:[00000030h]5_2_019305A7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019305A7 mov eax, dword ptr fs:[00000030h]5_2_019305A7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D45B1 mov eax, dword ptr fs:[00000030h]5_2_018D45B1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D45B1 mov eax, dword ptr fs:[00000030h]5_2_018D45B1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE5CF mov eax, dword ptr fs:[00000030h]5_2_018EE5CF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE5CF mov eax, dword ptr fs:[00000030h]5_2_018EE5CF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B65D0 mov eax, dword ptr fs:[00000030h]5_2_018B65D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA5D0 mov eax, dword ptr fs:[00000030h]5_2_018EA5D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA5D0 mov eax, dword ptr fs:[00000030h]5_2_018EA5D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC5ED mov eax, dword ptr fs:[00000030h]5_2_018EC5ED
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC5ED mov eax, dword ptr fs:[00000030h]5_2_018EC5ED
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE5E7 mov eax, dword ptr fs:[00000030h]5_2_018DE5E7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B25E0 mov eax, dword ptr fs:[00000030h]5_2_018B25E0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01946500 mov eax, dword ptr fs:[00000030h]5_2_01946500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984500 mov eax, dword ptr fs:[00000030h]5_2_01984500
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE53E mov eax, dword ptr fs:[00000030h]5_2_018DE53E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE53E mov eax, dword ptr fs:[00000030h]5_2_018DE53E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE53E mov eax, dword ptr fs:[00000030h]5_2_018DE53E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE53E mov eax, dword ptr fs:[00000030h]5_2_018DE53E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE53E mov eax, dword ptr fs:[00000030h]5_2_018DE53E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0535 mov eax, dword ptr fs:[00000030h]5_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0535 mov eax, dword ptr fs:[00000030h]5_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0535 mov eax, dword ptr fs:[00000030h]5_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0535 mov eax, dword ptr fs:[00000030h]5_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0535 mov eax, dword ptr fs:[00000030h]5_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0535 mov eax, dword ptr fs:[00000030h]5_2_018C0535
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8550 mov eax, dword ptr fs:[00000030h]5_2_018B8550
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8550 mov eax, dword ptr fs:[00000030h]5_2_018B8550
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E656A mov eax, dword ptr fs:[00000030h]5_2_018E656A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E656A mov eax, dword ptr fs:[00000030h]5_2_018E656A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E656A mov eax, dword ptr fs:[00000030h]5_2_018E656A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B64AB mov eax, dword ptr fs:[00000030h]5_2_018B64AB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193A4B0 mov eax, dword ptr fs:[00000030h]5_2_0193A4B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E44B0 mov ecx, dword ptr fs:[00000030h]5_2_018E44B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B04E5 mov ecx, dword ptr fs:[00000030h]5_2_018B04E5
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E8402 mov eax, dword ptr fs:[00000030h]5_2_018E8402
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E8402 mov eax, dword ptr fs:[00000030h]5_2_018E8402
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E8402 mov eax, dword ptr fs:[00000030h]5_2_018E8402
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AE420 mov eax, dword ptr fs:[00000030h]5_2_018AE420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AE420 mov eax, dword ptr fs:[00000030h]5_2_018AE420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AE420 mov eax, dword ptr fs:[00000030h]5_2_018AE420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018AC427 mov eax, dword ptr fs:[00000030h]5_2_018AC427
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01936420 mov eax, dword ptr fs:[00000030h]5_2_01936420
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA430 mov eax, dword ptr fs:[00000030h]5_2_018EA430
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EE443 mov eax, dword ptr fs:[00000030h]5_2_018EE443
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A645D mov eax, dword ptr fs:[00000030h]5_2_018A645D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D245A mov eax, dword ptr fs:[00000030h]5_2_018D245A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193C460 mov ecx, dword ptr fs:[00000030h]5_2_0193C460
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DA470 mov eax, dword ptr fs:[00000030h]5_2_018DA470
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DA470 mov eax, dword ptr fs:[00000030h]5_2_018DA470
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DA470 mov eax, dword ptr fs:[00000030h]5_2_018DA470
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195678E mov eax, dword ptr fs:[00000030h]5_2_0195678E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B07AF mov eax, dword ptr fs:[00000030h]5_2_018B07AF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019647A0 mov eax, dword ptr fs:[00000030h]5_2_019647A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BC7C0 mov eax, dword ptr fs:[00000030h]5_2_018BC7C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019307C3 mov eax, dword ptr fs:[00000030h]5_2_019307C3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D27ED mov eax, dword ptr fs:[00000030h]5_2_018D27ED
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D27ED mov eax, dword ptr fs:[00000030h]5_2_018D27ED
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D27ED mov eax, dword ptr fs:[00000030h]5_2_018D27ED
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B47FB mov eax, dword ptr fs:[00000030h]5_2_018B47FB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B47FB mov eax, dword ptr fs:[00000030h]5_2_018B47FB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193E7E1 mov eax, dword ptr fs:[00000030h]5_2_0193E7E1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC700 mov eax, dword ptr fs:[00000030h]5_2_018EC700
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0710 mov eax, dword ptr fs:[00000030h]5_2_018B0710
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E0710 mov eax, dword ptr fs:[00000030h]5_2_018E0710
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192C730 mov eax, dword ptr fs:[00000030h]5_2_0192C730
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC720 mov eax, dword ptr fs:[00000030h]5_2_018EC720
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC720 mov eax, dword ptr fs:[00000030h]5_2_018EC720
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E273C mov eax, dword ptr fs:[00000030h]5_2_018E273C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E273C mov ecx, dword ptr fs:[00000030h]5_2_018E273C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E273C mov eax, dword ptr fs:[00000030h]5_2_018E273C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E674D mov esi, dword ptr fs:[00000030h]5_2_018E674D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E674D mov eax, dword ptr fs:[00000030h]5_2_018E674D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E674D mov eax, dword ptr fs:[00000030h]5_2_018E674D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01934755 mov eax, dword ptr fs:[00000030h]5_2_01934755
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193E75D mov eax, dword ptr fs:[00000030h]5_2_0193E75D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0750 mov eax, dword ptr fs:[00000030h]5_2_018B0750
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2750 mov eax, dword ptr fs:[00000030h]5_2_018F2750
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2750 mov eax, dword ptr fs:[00000030h]5_2_018F2750
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8770 mov eax, dword ptr fs:[00000030h]5_2_018B8770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0770 mov eax, dword ptr fs:[00000030h]5_2_018C0770
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4690 mov eax, dword ptr fs:[00000030h]5_2_018B4690
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4690 mov eax, dword ptr fs:[00000030h]5_2_018B4690
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC6A6 mov eax, dword ptr fs:[00000030h]5_2_018EC6A6
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E66B0 mov eax, dword ptr fs:[00000030h]5_2_018E66B0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA6C7 mov ebx, dword ptr fs:[00000030h]5_2_018EA6C7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA6C7 mov eax, dword ptr fs:[00000030h]5_2_018EA6C7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E6F2 mov eax, dword ptr fs:[00000030h]5_2_0192E6F2
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E6F2 mov eax, dword ptr fs:[00000030h]5_2_0192E6F2
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E6F2 mov eax, dword ptr fs:[00000030h]5_2_0192E6F2
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E6F2 mov eax, dword ptr fs:[00000030h]5_2_0192E6F2
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019306F1 mov eax, dword ptr fs:[00000030h]5_2_019306F1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019306F1 mov eax, dword ptr fs:[00000030h]5_2_019306F1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C260B mov eax, dword ptr fs:[00000030h]5_2_018C260B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F2619 mov eax, dword ptr fs:[00000030h]5_2_018F2619
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E609 mov eax, dword ptr fs:[00000030h]5_2_0192E609
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B262C mov eax, dword ptr fs:[00000030h]5_2_018B262C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CE627 mov eax, dword ptr fs:[00000030h]5_2_018CE627
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E6620 mov eax, dword ptr fs:[00000030h]5_2_018E6620
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E8620 mov eax, dword ptr fs:[00000030h]5_2_018E8620
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018CC640 mov eax, dword ptr fs:[00000030h]5_2_018CC640
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA660 mov eax, dword ptr fs:[00000030h]5_2_018EA660
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA660 mov eax, dword ptr fs:[00000030h]5_2_018EA660
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197866E mov eax, dword ptr fs:[00000030h]5_2_0197866E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197866E mov eax, dword ptr fs:[00000030h]5_2_0197866E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E2674 mov eax, dword ptr fs:[00000030h]5_2_018E2674
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019389B3 mov esi, dword ptr fs:[00000030h]5_2_019389B3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019389B3 mov eax, dword ptr fs:[00000030h]5_2_019389B3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019389B3 mov eax, dword ptr fs:[00000030h]5_2_019389B3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B09AD mov eax, dword ptr fs:[00000030h]5_2_018B09AD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B09AD mov eax, dword ptr fs:[00000030h]5_2_018B09AD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C29A0 mov eax, dword ptr fs:[00000030h]5_2_018C29A0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197A9D3 mov eax, dword ptr fs:[00000030h]5_2_0197A9D3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_019469C0 mov eax, dword ptr fs:[00000030h]5_2_019469C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA9D0 mov eax, dword ptr fs:[00000030h]5_2_018BA9D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA9D0 mov eax, dword ptr fs:[00000030h]5_2_018BA9D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA9D0 mov eax, dword ptr fs:[00000030h]5_2_018BA9D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA9D0 mov eax, dword ptr fs:[00000030h]5_2_018BA9D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA9D0 mov eax, dword ptr fs:[00000030h]5_2_018BA9D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BA9D0 mov eax, dword ptr fs:[00000030h]5_2_018BA9D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E49D0 mov eax, dword ptr fs:[00000030h]5_2_018E49D0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193E9E0 mov eax, dword ptr fs:[00000030h]5_2_0193E9E0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E29F9 mov eax, dword ptr fs:[00000030h]5_2_018E29F9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E29F9 mov eax, dword ptr fs:[00000030h]5_2_018E29F9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193C912 mov eax, dword ptr fs:[00000030h]5_2_0193C912
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A8918 mov eax, dword ptr fs:[00000030h]5_2_018A8918
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018A8918 mov eax, dword ptr fs:[00000030h]5_2_018A8918
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E908 mov eax, dword ptr fs:[00000030h]5_2_0192E908
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192E908 mov eax, dword ptr fs:[00000030h]5_2_0192E908
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193892A mov eax, dword ptr fs:[00000030h]5_2_0193892A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0194892B mov eax, dword ptr fs:[00000030h]5_2_0194892B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01930946 mov eax, dword ptr fs:[00000030h]5_2_01930946
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F096E mov eax, dword ptr fs:[00000030h]5_2_018F096E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F096E mov edx, dword ptr fs:[00000030h]5_2_018F096E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018F096E mov eax, dword ptr fs:[00000030h]5_2_018F096E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01954978 mov eax, dword ptr fs:[00000030h]5_2_01954978
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01954978 mov eax, dword ptr fs:[00000030h]5_2_01954978
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D6962 mov eax, dword ptr fs:[00000030h]5_2_018D6962
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D6962 mov eax, dword ptr fs:[00000030h]5_2_018D6962
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D6962 mov eax, dword ptr fs:[00000030h]5_2_018D6962
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193C97C mov eax, dword ptr fs:[00000030h]5_2_0193C97C
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0887 mov eax, dword ptr fs:[00000030h]5_2_018B0887
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193C89D mov eax, dword ptr fs:[00000030h]5_2_0193C89D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DE8C0 mov eax, dword ptr fs:[00000030h]5_2_018DE8C0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197A8E4 mov eax, dword ptr fs:[00000030h]5_2_0197A8E4
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC8F9 mov eax, dword ptr fs:[00000030h]5_2_018EC8F9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EC8F9 mov eax, dword ptr fs:[00000030h]5_2_018EC8F9
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193C810 mov eax, dword ptr fs:[00000030h]5_2_0193C810
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195483A mov eax, dword ptr fs:[00000030h]5_2_0195483A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195483A mov eax, dword ptr fs:[00000030h]5_2_0195483A
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2835 mov eax, dword ptr fs:[00000030h]5_2_018D2835
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2835 mov eax, dword ptr fs:[00000030h]5_2_018D2835
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2835 mov eax, dword ptr fs:[00000030h]5_2_018D2835
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2835 mov ecx, dword ptr fs:[00000030h]5_2_018D2835
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2835 mov eax, dword ptr fs:[00000030h]5_2_018D2835
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D2835 mov eax, dword ptr fs:[00000030h]5_2_018D2835
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EA830 mov eax, dword ptr fs:[00000030h]5_2_018EA830
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C2840 mov ecx, dword ptr fs:[00000030h]5_2_018C2840
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4859 mov eax, dword ptr fs:[00000030h]5_2_018B4859
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B4859 mov eax, dword ptr fs:[00000030h]5_2_018B4859
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E0854 mov eax, dword ptr fs:[00000030h]5_2_018E0854
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193E872 mov eax, dword ptr fs:[00000030h]5_2_0193E872
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193E872 mov eax, dword ptr fs:[00000030h]5_2_0193E872
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01946870 mov eax, dword ptr fs:[00000030h]5_2_01946870
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01946870 mov eax, dword ptr fs:[00000030h]5_2_01946870
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01964BB0 mov eax, dword ptr fs:[00000030h]5_2_01964BB0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01964BB0 mov eax, dword ptr fs:[00000030h]5_2_01964BB0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0BBE mov eax, dword ptr fs:[00000030h]5_2_018C0BBE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0BBE mov eax, dword ptr fs:[00000030h]5_2_018C0BBE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195EBD0 mov eax, dword ptr fs:[00000030h]5_2_0195EBD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0BCD mov eax, dword ptr fs:[00000030h]5_2_018B0BCD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0BCD mov eax, dword ptr fs:[00000030h]5_2_018B0BCD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0BCD mov eax, dword ptr fs:[00000030h]5_2_018B0BCD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D0BCB mov eax, dword ptr fs:[00000030h]5_2_018D0BCB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D0BCB mov eax, dword ptr fs:[00000030h]5_2_018D0BCB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D0BCB mov eax, dword ptr fs:[00000030h]5_2_018D0BCB
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193CBF0 mov eax, dword ptr fs:[00000030h]5_2_0193CBF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DEBFC mov eax, dword ptr fs:[00000030h]5_2_018DEBFC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8BF0 mov eax, dword ptr fs:[00000030h]5_2_018B8BF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8BF0 mov eax, dword ptr fs:[00000030h]5_2_018B8BF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8BF0 mov eax, dword ptr fs:[00000030h]5_2_018B8BF0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192EB1D mov eax, dword ptr fs:[00000030h]5_2_0192EB1D
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DEB20 mov eax, dword ptr fs:[00000030h]5_2_018DEB20
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DEB20 mov eax, dword ptr fs:[00000030h]5_2_018DEB20
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01978B28 mov eax, dword ptr fs:[00000030h]5_2_01978B28
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01978B28 mov eax, dword ptr fs:[00000030h]5_2_01978B28
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195EB50 mov eax, dword ptr fs:[00000030h]5_2_0195EB50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01946B40 mov eax, dword ptr fs:[00000030h]5_2_01946B40
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01946B40 mov eax, dword ptr fs:[00000030h]5_2_01946B40
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0197AB40 mov eax, dword ptr fs:[00000030h]5_2_0197AB40
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01958B42 mov eax, dword ptr fs:[00000030h]5_2_01958B42
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01964B4B mov eax, dword ptr fs:[00000030h]5_2_01964B4B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01964B4B mov eax, dword ptr fs:[00000030h]5_2_01964B4B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ACB7E mov eax, dword ptr fs:[00000030h]5_2_018ACB7E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018BEA80 mov eax, dword ptr fs:[00000030h]5_2_018BEA80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984A80 mov eax, dword ptr fs:[00000030h]5_2_01984A80
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E8A90 mov edx, dword ptr fs:[00000030h]5_2_018E8A90
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8AA0 mov eax, dword ptr fs:[00000030h]5_2_018B8AA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B8AA0 mov eax, dword ptr fs:[00000030h]5_2_018B8AA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01906AA4 mov eax, dword ptr fs:[00000030h]5_2_01906AA4
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B0AD0 mov eax, dword ptr fs:[00000030h]5_2_018B0AD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01906ACC mov eax, dword ptr fs:[00000030h]5_2_01906ACC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01906ACC mov eax, dword ptr fs:[00000030h]5_2_01906ACC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01906ACC mov eax, dword ptr fs:[00000030h]5_2_01906ACC
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E4AD0 mov eax, dword ptr fs:[00000030h]5_2_018E4AD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E4AD0 mov eax, dword ptr fs:[00000030h]5_2_018E4AD0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EAAEE mov eax, dword ptr fs:[00000030h]5_2_018EAAEE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018EAAEE mov eax, dword ptr fs:[00000030h]5_2_018EAAEE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0193CA11 mov eax, dword ptr fs:[00000030h]5_2_0193CA11
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DEA2E mov eax, dword ptr fs:[00000030h]5_2_018DEA2E
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECA24 mov eax, dword ptr fs:[00000030h]5_2_018ECA24
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECA38 mov eax, dword ptr fs:[00000030h]5_2_018ECA38
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D4A35 mov eax, dword ptr fs:[00000030h]5_2_018D4A35
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D4A35 mov eax, dword ptr fs:[00000030h]5_2_018D4A35
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0A5B mov eax, dword ptr fs:[00000030h]5_2_018C0A5B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018C0A5B mov eax, dword ptr fs:[00000030h]5_2_018C0A5B
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018B6A50 mov eax, dword ptr fs:[00000030h]5_2_018B6A50
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192CA72 mov eax, dword ptr fs:[00000030h]5_2_0192CA72
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0192CA72 mov eax, dword ptr fs:[00000030h]5_2_0192CA72
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECA6F mov eax, dword ptr fs:[00000030h]5_2_018ECA6F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECA6F mov eax, dword ptr fs:[00000030h]5_2_018ECA6F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECA6F mov eax, dword ptr fs:[00000030h]5_2_018ECA6F
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_0195EA60 mov eax, dword ptr fs:[00000030h]5_2_0195EA60
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018E6DA0 mov eax, dword ptr fs:[00000030h]5_2_018E6DA0
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D8DBF mov eax, dword ptr fs:[00000030h]5_2_018D8DBF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018D8DBF mov eax, dword ptr fs:[00000030h]5_2_018D8DBF
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01984DAD mov eax, dword ptr fs:[00000030h]5_2_01984DAD
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01978DAE mov eax, dword ptr fs:[00000030h]5_2_01978DAE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01978DAE mov eax, dword ptr fs:[00000030h]5_2_01978DAE
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECDB1 mov ecx, dword ptr fs:[00000030h]5_2_018ECDB1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECDB1 mov eax, dword ptr fs:[00000030h]5_2_018ECDB1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018ECDB1 mov eax, dword ptr fs:[00000030h]5_2_018ECDB1
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01934DD7 mov eax, dword ptr fs:[00000030h]5_2_01934DD7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_01934DD7 mov eax, dword ptr fs:[00000030h]5_2_01934DD7
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DEDD3 mov eax, dword ptr fs:[00000030h]5_2_018DEDD3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeCode function: 5_2_018DEDD3 mov eax, dword ptr fs:[00000030h]5_2_018DEDD3
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeMemory written: C:\Users\user\Desktop\PO No. 0146850827805.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeProcess created: C:\Users\user\Desktop\PO No. 0146850827805.exe "C:\Users\user\Desktop\PO No. 0146850827805.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeQueries volume information: C:\Users\user\Desktop\PO No. 0146850827805.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO No. 0146850827805.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2310984519.0000000001330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.PO No. 0146850827805.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2310984519.0000000001330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		111
            Process Injection            		1
            Masquerading            		OS Credential Dumping2
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable Media1
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            PO No. 0146850827805.exe42%ReversingLabsByteCode-MSIL.Spyware.Negasteal
            PO No. 0146850827805.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            ax-0001.ax-msedge.net
            		150.171.27.10
            		truefalse
              		unknown
              tse1.mm.bing.net
              		unknown
              		unknownfalse
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://tempuri.org/DataSet1.xsdPO No. 0146850827805.exefalse
                  		unknown

                  World Map of Contacted IPs

                  No contacted IP infos

                  General Information

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1545930
                  Start date and time:2024-10-31 10:32:09 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 6m 10s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:13
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:PO No. 0146850827805.exe
                  Detection:MAL
                  Classification:mal80.troj.evad.winEXE@3/1@1/0
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 97%
                  • Number of executed functions: 45
                  • Number of non-executed functions: 270
                  Cookbook Comments:
                  • Found application associated with file extension: .exe

                  Warnings

                  • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, mm-mm.bing.net.trafficmanager.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
                  • VT rate limit hit for: PO No. 0146850827805.exe

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  05:33:01API Interceptor5x Sleep call for process: PO No. 0146850827805.exe modified

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  ax-0001.ax-msedge.netfile.exeGet hashmaliciousStealcBrowse
                  • 150.171.27.10
                  https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5Get hashmaliciousUnknownBrowse
                  • 150.171.27.10
                  Reminders for Msp-partner_ Server Alert.emlGet hashmaliciousHTMLPhisherBrowse
                  • 150.171.27.10
                  https://wetransfer.com/downloads/bd15c1f671ae60c5a56e558eb8cc43bf20241030150256/3b30cd5b9ce1ffb29d79c9118153941c20241030150256/70baef?t_exp=1730559776&t_lsid=6bd545a9-d09b-4abd-a317-124dbe9fe64d&t_network=email&t_rid=YXV0aDB8NjZlYWI0YTExODhmYzc1OGMzMmNiODIx&t_s=download_link&t_ts=1730300576&utm_campaign=TRN_TDL_01&utmGet hashmaliciousHTMLPhisherBrowse
                  • 150.171.27.10
                  https://www.mediafire.com/file/oyfycncwen0a3ue/DSP_Plan_Set.zip/fileGet hashmaliciousUnknownBrowse
                  • 150.171.27.10
                  https://email.email.pandadoc.net/c/eJxMkE9vEzEQxT_N-pbKO_ba3oMPhWipiEBAoYdeqrE92zVJbGfthD-fHkWi0OOM9Hv6vResU8LNhoXsz0dK7SkG-2Z5fwRKPgf39rRsv4op3T4ujGyvBQcQIxi2WBVmDUaIIJAgaJrROA0G-iB6wRWyaIGD7DmMvZYDqJtej653A7hxHASXppOcjhgPNwVTwJD9TaLGYn1qK3pCdyDb1jOxg11aK7UTtx1MHUxYyn_E52MH04t-B9MFOjG1vKfUia3X2M_Kjc7LORAnLZT03Ds1eE-GBjOKAXojOzGxlFuco8cWc7rOMAQynlBsvBtgI0GJDY6Ob0hzI7AHR0GxvD5jir__QXSR97_ybpvLA1U6_hxPwWtiq625LJE6yfex4rnlgmurV3u20iXWv7hvCj6bWb97PBX_PTp1rg_yE2v2peCm4fpM7fWnUnp9s4sF9iOv-1rQ0zXU7Bzsvn3A0PT9nfmCQ_ioy92fAAAA__-PeqWAGet hashmaliciousUnknownBrowse
                  • 150.171.27.10
                  https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFmiRUl-2BtxcZ73D3PC6s7dEdSEpNEVf7BmEr33HzpWyzDy2Qc_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZML5SAWON4OCquRGeOrZOG6X7bKIH2ouDi7O5ssZhkwdV9j8BuAetGO74HzivTb4yjw5AGX5ZMnsGYBS3vBuNNgFYRVSYVxc5dN7eCLDUr43XjgYUZE2GmJzXmN-2BelIHWKsvaOOIeqiW6cnMf2CI6MeEhodwtV2LpZJtWZhkGi5I2rlc08PnxbPlMsOj2Cr9oC-2BCWb9WuPqmZU8rqYD8CNL-2BgY3UElGOq-2BfG3NfYFdrc0Rb11eU0t5G2ihyqzzZVfI-3D#cHNjaG1pdHRAZ3Jpc3Qub3JnGet hashmaliciousUnknownBrowse
                  • 150.171.27.10
                  https://ws.onehub.com/files/3wbmh4dnGet hashmaliciousUnknownBrowse
                  • 150.171.27.10
                  Electronic_Receipt_ATT0001.virus.htmlGet hashmaliciousUnknownBrowse
                  • 150.171.28.10
                  https://app.pandadoc.com/document/v2?token=2126fee3194112970cb23c51d0c56249323ace2bGet hashmaliciousUnknownBrowse
                  • 150.171.28.10

                  ASNs

                  No context

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO No. 0146850827805.exe.log

                  Download File
                  Process:C:\Users\user\Desktop\PO No. 0146850827805.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1216
                  Entropy (8bit):5.34331486778365
                  Encrypted:false
                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                  Malicious:true
                  Reputation:high, very likely benign file
                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Entropy (8bit):7.690718847005052
                  TrID:
                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  • Win32 Executable (generic) a (10002005/4) 49.78%
                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                  • Generic Win/DOS Executable (2004/3) 0.01%
                  • DOS Executable Generic (2002/1) 0.01%
                  File name:PO No. 0146850827805.exe
                  File size:825'344 bytes
                  MD5:5ad592fcf46ee793fbf36e4c2ff67542
                  SHA1:8c14971e5999d6ab0bd37f3b22804180a6ecb5e6
                  SHA256:b8d4c86463b945f866e0396ecf65af0e67e55224eecce97b033e25e816eca01e
                  SHA512:dcfcf9bc19a4e5a214b96ae8f26988728c149c1f32e2901b2936438a1d5158a3047095757eb24cc82383227305fe800338d527187b0a0f4a4f1793f4f01c14a6
                  SSDEEP:24576:rwhHc097KALSOgFQtf1PYI2Q2blbbTajd:UhHc4+A+OgFuPJ2JCd
                  TLSH:6805CED03A767719DEB54A759228DCB583B12969B010FAEA1EDC3BC7359D310AE08F43
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}8#g..............0.................. ........@.. ....................................@................................

                  File Icon

                  Icon Hash:00928e8e8686b000

                  Static PE Info

                  General

                  Entrypoint:0x4cada2
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Time Stamp:0x6723387D [Thu Oct 31 07:57:49 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                  Entrypoint Preview

                  Instruction
                  jmp dword ptr [00402000h]
                  push ebx
                  add byte ptr [ecx+00h], bh
                  jnc 00007F662CC46922h
                  je 00007F662CC46922h
                  add byte ptr [ebp+00h], ch
                  add byte ptr [ecx+00h], al
                  arpl word ptr [eax], ax
                  je 00007F662CC46922h
                  imul eax, dword ptr [eax], 00610076h
                  je 00007F662CC46922h
                  outsd
                  add byte ptr [edx+00h], dh
                  add dword ptr [eax], eax
                  add byte ptr [eax], al
                  add al, byte ptr [eax]
                  add byte ptr [eax], al
                  add eax, dword ptr [eax]
                  add byte ptr [eax], al
                  add al, 00h
                  add byte ptr [eax], al
                  add eax, 00000000h
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0xcad500x4f.text
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xcc0000x5ac.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xce0000xc.reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG0xc79d00x54.text
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x20000xc8de00xc8e0009fcbde3f6a1d2cd5326cbe9b502befbFalse0.8543882720130678data7.6971538943693485IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rsrc0xcc0000x5ac0x60019e05ac9ce00710267a378a2b911a5c0False0.4212239583333333data4.081932605540771IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc0xce0000xc0x200a4de589572cf90bbeb50dc2a492aa013False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountryZLIB Complexity
                  RT_VERSION0xcc0900x31cdata0.4321608040201005
                  RT_MANIFEST0xcc3bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                  Imports

                  DLLImport
                  mscoree.dll_CorExeMain

                  Network Behavior

                  Network Port Distribution

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 31, 2024 10:32:59.044634104 CET5485253192.168.2.61.1.1.1

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Oct 31, 2024 10:32:59.044634104 CET192.168.2.61.1.1.10xe4b6Standard query (0)tse1.mm.bing.netA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Oct 31, 2024 10:32:59.051896095 CET1.1.1.1192.168.2.60xe4b6No error (0)tse1.mm.bing.netmm-mm.bing.net.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                  Oct 31, 2024 10:32:59.051896095 CET1.1.1.1192.168.2.60xe4b6No error (0)ax-0001.ax-msedge.net150.171.27.10A (IP address)IN (0x0001)false
                  Oct 31, 2024 10:32:59.051896095 CET1.1.1.1192.168.2.60xe4b6No error (0)ax-0001.ax-msedge.net150.171.28.10A (IP address)IN (0x0001)false

                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:05:33:00
                  Start date:31/10/2024
                  Path:C:\Users\user\Desktop\PO No. 0146850827805.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\PO No. 0146850827805.exe"
                  Imagebase:0x770000
                  File size:825'344 bytes
                  MD5 hash:5AD592FCF46EE793FBF36E4C2FF67542
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  General

                  Target ID:5
                  Start time:05:33:04
                  Start date:31/10/2024
                  Path:C:\Users\user\Desktop\PO No. 0146850827805.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\PO No. 0146850827805.exe"
                  Imagebase:0xcf0000
                  File size:825'344 bytes
                  MD5 hash:5AD592FCF46EE793FBF36E4C2FF67542
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2310984519.0000000001330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:true

                  Disassembly

                  Reset < >

                    Execution Graph

                    Execution Coverage:10.7%
                    Dynamic/Decrypted Code Coverage:100%
                    Signature Coverage:0%
                    Total number of Nodes:184
                    Total number of Limit Nodes:21
                    execution_graph 24869 299d828 DuplicateHandle 24870 299d8be 24869->24870 24871 2994668 24872 299467a 24871->24872 24873 2994686 24872->24873 24875 2994778 24872->24875 24876 299479d 24875->24876 24880 2994888 24876->24880 24884 2994878 24876->24884 24882 29948af 24880->24882 24881 299498c 24881->24881 24882->24881 24888 2994560 24882->24888 24886 29948af 24884->24886 24885 299498c 24885->24885 24886->24885 24887 2994560 CreateActCtxA 24886->24887 24887->24885 24889 2995d18 CreateActCtxA 24888->24889 24891 2995ddb 24889->24891 24892 728dc1a 24893 728dc28 24892->24893 24894 728dd7e 24892->24894 24899 728e62e 24893->24899 24904 728e5c1 24893->24904 24908 728e5d0 24893->24908 24895 728dff5 24900 728e5bc 24899->24900 24902 728e631 24899->24902 24912 728e8e2 24900->24912 24902->24895 24905 728e5d0 24904->24905 24907 728e8e2 12 API calls 24905->24907 24906 728e60e 24906->24895 24907->24906 24909 728e5d8 24908->24909 24911 728e8e2 12 API calls 24909->24911 24910 728e60e 24910->24895 24911->24910 24913 728e905 24912->24913 24932 728ebd4 24913->24932 24937 728edd4 24913->24937 24942 728ea14 24913->24942 24952 728ecd3 24913->24952 24959 728eeb1 24913->24959 24966 728ec3e 24913->24966 24971 728f146 24913->24971 24976 728ebc2 24913->24976 24980 728ecc1 24913->24980 24985 728eb4f 24913->24985 24992 728f0eb 24913->24992 25000 728ea8b 24913->25000 25010 728ef4a 24913->25010 25017 728f168 24913->25017 25025 728eb16 24913->25025 25030 728ed96 24913->25030 25034 728eaf5 24913->25034 24914 728e60e 24914->24895 24933 728eb2e 24932->24933 24934 728f47f 24933->24934 25041 728d648 24933->25041 25045 728d641 24933->25045 24934->24914 24938 728eb2d 24937->24938 24939 728f2de 24938->24939 24940 728d648 ReadProcessMemory 24938->24940 24941 728d641 ReadProcessMemory 24938->24941 24939->24914 24940->24938 24941->24938 24943 728ea1f 24942->24943 25049 728d7e0 24943->25049 25053 728d7d5 24943->25053 24953 728eafe 24952->24953 24954 728ed48 24953->24954 25057 728d3b8 24953->25057 25061 728d3c0 24953->25061 25065 728ced8 24953->25065 25069 728ced1 24953->25069 24954->24914 24960 728eafe 24959->24960 24961 728ed48 24960->24961 24962 728ced8 ResumeThread 24960->24962 24963 728ced1 ResumeThread 24960->24963 24964 728d3b8 Wow64SetThreadContext 24960->24964 24965 728d3c0 Wow64SetThreadContext 24960->24965 24961->24914 24962->24960 24963->24960 24964->24960 24965->24960 24967 728ec63 24966->24967 25073 728d558 24967->25073 25077 728d551 24967->25077 24968 728ec84 24972 728ec63 24971->24972 24973 728ec84 24971->24973 24974 728d558 WriteProcessMemory 24972->24974 24975 728d551 WriteProcessMemory 24972->24975 24974->24973 24975->24973 24977 728f223 24976->24977 24978 728d558 WriteProcessMemory 24977->24978 24979 728d551 WriteProcessMemory 24977->24979 24978->24977 24979->24977 24981 728ee43 24980->24981 24983 728d558 WriteProcessMemory 24981->24983 24984 728d551 WriteProcessMemory 24981->24984 24982 728eb9b 24982->24914 24983->24982 24984->24982 24988 728d3b8 Wow64SetThreadContext 24985->24988 24989 728d3c0 Wow64SetThreadContext 24985->24989 24986 728eafe 24986->24985 24987 728ed48 24986->24987 24990 728ced8 ResumeThread 24986->24990 24991 728ced1 ResumeThread 24986->24991 24987->24914 24988->24986 24989->24986 24990->24986 24991->24986 24993 728f0f1 24992->24993 24995 728eb2e 24993->24995 24996 728d648 ReadProcessMemory 24993->24996 24997 728d641 ReadProcessMemory 24993->24997 24994 728f47f 24994->24914 24995->24994 24998 728d648 ReadProcessMemory 24995->24998 24999 728d641 ReadProcessMemory 24995->24999 24996->24995 24997->24995 24998->24995 24999->24995 25001 728ea15 25000->25001 25004 728d7e0 CreateProcessA 25001->25004 25005 728d7d5 CreateProcessA 25001->25005 25002 728ead6 25003 728ed48 25002->25003 25006 728ced8 ResumeThread 25002->25006 25007 728ced1 ResumeThread 25002->25007 25008 728d3b8 Wow64SetThreadContext 25002->25008 25009 728d3c0 Wow64SetThreadContext 25002->25009 25003->24914 25004->25002 25005->25002 25006->25002 25007->25002 25008->25002 25009->25002 25013 728d3b8 Wow64SetThreadContext 25010->25013 25014 728d3c0 Wow64SetThreadContext 25010->25014 25011 728f47f 25011->24914 25012 728eb2e 25012->25011 25015 728d648 ReadProcessMemory 25012->25015 25016 728d641 ReadProcessMemory 25012->25016 25013->25012 25014->25012 25015->25012 25016->25012 25018 728f175 25017->25018 25019 728eafe 25017->25019 25020 728ed48 25019->25020 25021 728ced8 ResumeThread 25019->25021 25022 728ced1 ResumeThread 25019->25022 25023 728d3b8 Wow64SetThreadContext 25019->25023 25024 728d3c0 Wow64SetThreadContext 25019->25024 25020->24914 25021->25019 25022->25019 25023->25019 25024->25019 25026 728eb1c 25025->25026 25027 728f47f 25026->25027 25028 728d648 ReadProcessMemory 25026->25028 25029 728d641 ReadProcessMemory 25026->25029 25027->24914 25028->25026 25029->25026 25081 728d498 25030->25081 25085 728d490 25030->25085 25031 728edb4 25035 728eafe 25034->25035 25036 728ed48 25035->25036 25037 728ced8 ResumeThread 25035->25037 25038 728ced1 ResumeThread 25035->25038 25039 728d3b8 Wow64SetThreadContext 25035->25039 25040 728d3c0 Wow64SetThreadContext 25035->25040 25036->24914 25037->25035 25038->25035 25039->25035 25040->25035 25042 728d693 ReadProcessMemory 25041->25042 25044 728d6d7 25042->25044 25044->24933 25046 728d648 ReadProcessMemory 25045->25046 25048 728d6d7 25046->25048 25048->24933 25050 728d869 CreateProcessA 25049->25050 25052 728da2b 25050->25052 25052->25052 25054 728d7e0 CreateProcessA 25053->25054 25056 728da2b 25054->25056 25056->25056 25058 728d3c0 Wow64SetThreadContext 25057->25058 25060 728d44d 25058->25060 25060->24953 25062 728d405 Wow64SetThreadContext 25061->25062 25064 728d44d 25062->25064 25064->24953 25066 728cf18 ResumeThread 25065->25066 25068 728cf49 25066->25068 25068->24953 25070 728ced8 ResumeThread 25069->25070 25072 728cf49 25070->25072 25072->24953 25074 728d5a0 WriteProcessMemory 25073->25074 25076 728d5f7 25074->25076 25076->24968 25078 728d558 WriteProcessMemory 25077->25078 25080 728d5f7 25078->25080 25080->24968 25082 728d4d8 VirtualAllocEx 25081->25082 25084 728d515 25082->25084 25084->25031 25086 728d498 VirtualAllocEx 25085->25086 25088 728d515 25086->25088 25088->25031 24853 728f960 24854 728faeb 24853->24854 24856 728f986 24853->24856 24856->24854 24857 728b9b4 24856->24857 24858 728fbe0 PostMessageW 24857->24858 24860 728fc4c 24858->24860 24860->24856 24861 299b250 24864 299b33a 24861->24864 24862 299b25f 24865 299b37c 24864->24865 24866 299b359 24864->24866 24865->24862 24866->24865 24867 299b580 GetModuleHandleW 24866->24867 24868 299b5ad 24867->24868 24868->24862 25089 299d5e0 25090 299d626 GetCurrentProcess 25089->25090 25092 299d678 GetCurrentThread 25090->25092 25093 299d671 25090->25093 25094 299d6ae 25092->25094 25095 299d6b5 GetCurrentProcess 25092->25095 25093->25092 25094->25095 25096 299d6eb 25095->25096 25097 299d713 GetCurrentThreadId 25096->25097 25098 299d744 25097->25098

                    Executed Functions

                    Function 07280E28 Relevance: .5, Instructions: 506COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8966b24ff2118c1cef0f2cd23c62ca0ef7b4727b409fb090afbfb1b1c1250a87
                    • Instruction ID: d250c94ee665766c7dbe1e40e501d93d10aad9e41b490f55dfec3f6746da153d
                    • Opcode Fuzzy Hash: 8966b24ff2118c1cef0f2cd23c62ca0ef7b4727b409fb090afbfb1b1c1250a87
                    • Instruction Fuzzy Hash: A642C3B4E11219CFDB64DFA8D984B9DBBF2BF48300F1081A9D809A7395D735AA85CF50
                    Function 02997018 Relevance: .2, Instructions: 232COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6d2aa96d33fd6c0eeed87e9b0eb442e54fd36ef309c918252f4560910a796527
                    • Instruction ID: 4d8c1cf8e2be7db968a4db05a401f24e5f451739b2d577e231d4f7bc422f22ff
                    • Opcode Fuzzy Hash: 6d2aa96d33fd6c0eeed87e9b0eb442e54fd36ef309c918252f4560910a796527
                    • Instruction Fuzzy Hash: 87A1B274E00208DFDB05DFE9D994A9EBBB2FF88310F148529E909AB365DB355986CF40
                    Function 02994204 Relevance: .2, Instructions: 228COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1af4cbc1dabd3987f9a0a6a48e216adb9763c3de536200069c45c3b20d957524
                    • Instruction ID: 65cab6fa3028b3715eceb0a3d147c5ea3f01f1248997f77a927d02f98e4d77f1
                    • Opcode Fuzzy Hash: 1af4cbc1dabd3987f9a0a6a48e216adb9763c3de536200069c45c3b20d957524
                    • Instruction Fuzzy Hash: A0A1C374E00208DFDB05DFE9D994AAEBBB2FF88310F108429E909AB355DB355986CF40
                    Function 07280E21 Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 95c4b6fd9b0e994746b0650472b684db09bf6832c55d259ba278e8718aeb213e
                    • Instruction ID: 6f5afdbd368ae9945f075ae0033e55800df641370bdcd344d66a09d63bb92a89
                    • Opcode Fuzzy Hash: 95c4b6fd9b0e994746b0650472b684db09bf6832c55d259ba278e8718aeb213e
                    • Instruction Fuzzy Hash: 1461C7B4E01218CFDB64CF9AD985B9DBBF2BF88300F1481A9D809A7394D7759945CF50
                    Function 0299D5D0 Relevance: 6.1, APIs: 4, Instructions: 136threadCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetCurrentProcess.KERNEL32 ref: 0299D65E
                    • GetCurrentThread.KERNEL32 ref: 0299D69B
                    • GetCurrentProcess.KERNEL32 ref: 0299D6D8
                    • GetCurrentThreadId.KERNEL32 ref: 0299D731
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: Current$ProcessThread
                    • String ID:
                    • API String ID: 2063062207-0
                    • Opcode ID: 05d6c188b303b12025ac5a7c7a150f14a97d703ea73fc2d23451ef1887429e84
                    • Instruction ID: 56f50f44bd6bf882df2b4bd5955b8f28120a8fdf048d06f25e0f64d008e251b9
                    • Opcode Fuzzy Hash: 05d6c188b303b12025ac5a7c7a150f14a97d703ea73fc2d23451ef1887429e84
                    • Instruction Fuzzy Hash: 695198B090034A8FDB44DFA9D988BDEBBF1FF88314F208059E509A7260DB789945CF65
                    Function 0299D5E0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetCurrentProcess.KERNEL32 ref: 0299D65E
                    • GetCurrentThread.KERNEL32 ref: 0299D69B
                    • GetCurrentProcess.KERNEL32 ref: 0299D6D8
                    • GetCurrentThreadId.KERNEL32 ref: 0299D731
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: Current$ProcessThread
                    • String ID:
                    • API String ID: 2063062207-0
                    • Opcode ID: 040b2bb31e4630e60c4ae9a48a76fe41383623b8709835c7f33eea8c24ccf6fe
                    • Instruction ID: 46acb279c7c0de0717cc39a39ca9276cfe5237d3d54edbf5a9124fb18e39d15c
                    • Opcode Fuzzy Hash: 040b2bb31e4630e60c4ae9a48a76fe41383623b8709835c7f33eea8c24ccf6fe
                    • Instruction Fuzzy Hash: 2E5166B090034A8FDB54DFA9D688BDEBBF1FF88314F208459E509A7260DB789944CF65
                    Function 0728D7D5 Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 45 728d7d5-728d875 48 728d8ae-728d8ce 45->48 49 728d877-728d881 45->49 54 728d8d0-728d8da 48->54 55 728d907-728d936 48->55 49->48 50 728d883-728d885 49->50 52 728d8a8-728d8ab 50->52 53 728d887-728d891 50->53 52->48 56 728d893 53->56 57 728d895-728d8a4 53->57 54->55 58 728d8dc-728d8de 54->58 65 728d938-728d942 55->65 66 728d96f-728da29 CreateProcessA 55->66 56->57 57->57 59 728d8a6 57->59 60 728d8e0-728d8ea 58->60 61 728d901-728d904 58->61 59->52 63 728d8ec 60->63 64 728d8ee-728d8fd 60->64 61->55 63->64 64->64 67 728d8ff 64->67 65->66 68 728d944-728d946 65->68 77 728da2b-728da31 66->77 78 728da32-728dab8 66->78 67->61 69 728d948-728d952 68->69 70 728d969-728d96c 68->70 72 728d954 69->72 73 728d956-728d965 69->73 70->66 72->73 73->73 74 728d967 73->74 74->70 77->78 88 728dac8-728dacc 78->88 89 728daba-728dabe 78->89 91 728dadc-728dae0 88->91 92 728dace-728dad2 88->92 89->88 90 728dac0 89->90 90->88 94 728daf0-728daf4 91->94 95 728dae2-728dae6 91->95 92->91 93 728dad4 92->93 93->91 97 728db06-728db0d 94->97 98 728daf6-728dafc 94->98 95->94 96 728dae8 95->96 96->94 99 728db0f-728db1e 97->99 100 728db24 97->100 98->97 99->100 102 728db25 100->102 102->102
                    APIs
                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0728DA16
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: CreateProcess
                    • String ID:
                    • API String ID: 963392458-0
                    • Opcode ID: 78c5502f471b2ca708290d2b10ca21a15b876d2c0867ffb66cd09c7266eb980a
                    • Instruction ID: d9dec051db091b0ad6db58f99beb0a5861c7231350e6d55c14d203a1abb2abf5
                    • Opcode Fuzzy Hash: 78c5502f471b2ca708290d2b10ca21a15b876d2c0867ffb66cd09c7266eb980a
                    • Instruction Fuzzy Hash: 72A16BB1E1121ADFEF60DF68C8417DDBBB2BF48310F1485A9D809A7280DB759989CF91
                    Function 0728D7E0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 103 728d7e0-728d875 105 728d8ae-728d8ce 103->105 106 728d877-728d881 103->106 111 728d8d0-728d8da 105->111 112 728d907-728d936 105->112 106->105 107 728d883-728d885 106->107 109 728d8a8-728d8ab 107->109 110 728d887-728d891 107->110 109->105 113 728d893 110->113 114 728d895-728d8a4 110->114 111->112 115 728d8dc-728d8de 111->115 122 728d938-728d942 112->122 123 728d96f-728da29 CreateProcessA 112->123 113->114 114->114 116 728d8a6 114->116 117 728d8e0-728d8ea 115->117 118 728d901-728d904 115->118 116->109 120 728d8ec 117->120 121 728d8ee-728d8fd 117->121 118->112 120->121 121->121 124 728d8ff 121->124 122->123 125 728d944-728d946 122->125 134 728da2b-728da31 123->134 135 728da32-728dab8 123->135 124->118 126 728d948-728d952 125->126 127 728d969-728d96c 125->127 129 728d954 126->129 130 728d956-728d965 126->130 127->123 129->130 130->130 131 728d967 130->131 131->127 134->135 145 728dac8-728dacc 135->145 146 728daba-728dabe 135->146 148 728dadc-728dae0 145->148 149 728dace-728dad2 145->149 146->145 147 728dac0 146->147 147->145 151 728daf0-728daf4 148->151 152 728dae2-728dae6 148->152 149->148 150 728dad4 149->150 150->148 154 728db06-728db0d 151->154 155 728daf6-728dafc 151->155 152->151 153 728dae8 152->153 153->151 156 728db0f-728db1e 154->156 157 728db24 154->157 155->154 156->157 159 728db25 157->159 159->159
                    APIs
                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0728DA16
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: CreateProcess
                    • String ID:
                    • API String ID: 963392458-0
                    • Opcode ID: 312fe4d072d76cfbaadca4290dbf7e0dda7a0bf8a8e0055812428a2697345293
                    • Instruction ID: 17f86a2f4c6943bc16658d2ded852019edbfca8179a5269a61f95552770f52a2
                    • Opcode Fuzzy Hash: 312fe4d072d76cfbaadca4290dbf7e0dda7a0bf8a8e0055812428a2697345293
                    • Instruction Fuzzy Hash: 42916BB1E1121ADFEF64DF68C8417DDBBB2BF48310F1481A9D809A7280DB759989CF91
                    Function 0299B33A Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 160 299b33a-299b357 161 299b359-299b366 call 2999db8 160->161 162 299b383-299b387 160->162 169 299b368 161->169 170 299b37c 161->170 164 299b389-299b393 162->164 165 299b39b-299b3dc 162->165 164->165 171 299b3e9-299b3f7 165->171 172 299b3de-299b3e6 165->172 216 299b36e call 299b5d0 169->216 217 299b36e call 299b5e0 169->217 170->162 173 299b3f9-299b3fe 171->173 174 299b41b-299b41d 171->174 172->171 176 299b409 173->176 177 299b400-299b407 call 299b000 173->177 179 299b420-299b427 174->179 175 299b374-299b376 175->170 178 299b4b8-299b578 175->178 181 299b40b-299b419 176->181 177->181 211 299b57a-299b57d 178->211 212 299b580-299b5ab GetModuleHandleW 178->212 182 299b429-299b431 179->182 183 299b434-299b43b 179->183 181->179 182->183 184 299b448-299b451 call 299b010 183->184 185 299b43d-299b445 183->185 191 299b45e-299b463 184->191 192 299b453-299b45b 184->192 185->184 193 299b481-299b48e 191->193 194 299b465-299b46c 191->194 192->191 200 299b4b1-299b4b7 193->200 201 299b490-299b4ae 193->201 194->193 196 299b46e-299b47e call 299b020 call 299b030 194->196 196->193 201->200 211->212 213 299b5ad-299b5b3 212->213 214 299b5b4-299b5c8 212->214 213->214 216->175 217->175
                    APIs
                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0299B59E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: HandleModule
                    • String ID:
                    • API String ID: 4139908857-0
                    • Opcode ID: 708aeeeff252586c82819ed36f010ac383be7731c398cc18c2870599d805687b
                    • Instruction ID: eda7edb52ad819a2ba3bffec7253eed1921a80395c581c2692c01168a91546d0
                    • Opcode Fuzzy Hash: 708aeeeff252586c82819ed36f010ac383be7731c398cc18c2870599d805687b
                    • Instruction Fuzzy Hash: ED815770A00B058FDB24DF29D46575ABBF5FF88318F04892DD48AD7A40DB78E846CB91
                    Function 02995D0C Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 218 2995d0c-2995dd9 CreateActCtxA 220 2995ddb-2995de1 218->220 221 2995de2-2995e3c 218->221 220->221 228 2995e4b-2995e4f 221->228 229 2995e3e-2995e41 221->229 230 2995e51-2995e5d 228->230 231 2995e60 228->231 229->228 230->231 233 2995e61 231->233 233->233
                    APIs
                    • CreateActCtxA.KERNEL32(?), ref: 02995DC9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: Create
                    • String ID:
                    • API String ID: 2289755597-0
                    • Opcode ID: 7d17add006887e1583c7ffca23c1a820e909b8dc1a0b466a2105c01b0300be8a
                    • Instruction ID: a5b25e946b3eed10a399d1a8210cd7679455d0c58b88d26d922d4478a246af0f
                    • Opcode Fuzzy Hash: 7d17add006887e1583c7ffca23c1a820e909b8dc1a0b466a2105c01b0300be8a
                    • Instruction Fuzzy Hash: 9C41F1B0C00719CBEB25CFA9C884BDEBBB5BF49714F20815AD408AB255DB75694ACF90
                    Function 02994560 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 234 2994560-2995dd9 CreateActCtxA 237 2995ddb-2995de1 234->237 238 2995de2-2995e3c 234->238 237->238 245 2995e4b-2995e4f 238->245 246 2995e3e-2995e41 238->246 247 2995e51-2995e5d 245->247 248 2995e60 245->248 246->245 247->248 250 2995e61 248->250 250->250
                    APIs
                    • CreateActCtxA.KERNEL32(?), ref: 02995DC9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: Create
                    • String ID:
                    • API String ID: 2289755597-0
                    • Opcode ID: b7b9a8c0238dab11a95b4b64cf3cc8857bf31fbbaad75cd45651b372c01dc282
                    • Instruction ID: 415196a0de4daa88502f1083ada8320230e60bd69fb28790ec6a2c038dc0b192
                    • Opcode Fuzzy Hash: b7b9a8c0238dab11a95b4b64cf3cc8857bf31fbbaad75cd45651b372c01dc282
                    • Instruction Fuzzy Hash: A2410FB0C0071DCBEF25CFA9C884B9EBBB5BF48304F60806AD408AB251DB756949CF90
                    Function 0728FC70 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 251 728fc70-728fc78 252 728fc7a-728fc83 251->252 253 728fc9f-728fca0 251->253 259 728fc84-728fc9e 252->259 255 728fca1-728fca2 253->255 256 728fc22-728fc4a PostMessageW 253->256 255->259 260 728fca4-728fca5 255->260 257 728fc4c-728fc52 256->257 258 728fc53-728fc67 256->258 257->258 259->253 261 728fcac-728fcbf 260->261 262 728fca7-728fcaa 260->262 266 728fcd0-728fceb 261->266 267 728fcc1-728fcce 261->267 262->261 270 728fced 266->270 271 728fcf5 266->271 267->266 270->271 272 728fcf6 271->272 272->272
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6b6a3d2e88350864e5c4d07e4484eded1842fc17bf43d5acfaf944beb8f41cb9
                    • Instruction ID: 222992349342c3f1541a15c56b8b7cbdde8ba11cfde3a24141252b60e674567c
                    • Opcode Fuzzy Hash: 6b6a3d2e88350864e5c4d07e4484eded1842fc17bf43d5acfaf944beb8f41cb9
                    • Instruction Fuzzy Hash: 7021A1F291521A9FEF10EF55DA057EEBBF4AB48314F204819D901A7280D7766A00CBE0
                    Function 0728D551 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 273 728d551-728d5a6 276 728d5a8-728d5b4 273->276 277 728d5b6-728d5f5 WriteProcessMemory 273->277 276->277 279 728d5fe-728d62e 277->279 280 728d5f7-728d5fd 277->280 280->279
                    APIs
                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0728D5E8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: MemoryProcessWrite
                    • String ID:
                    • API String ID: 3559483778-0
                    • Opcode ID: 04f7899364c6d3beeb52577cfad85db419782565630f45e484270c6e264dcf76
                    • Instruction ID: 31e6970cdd26b47bbed2e747b8384934fb1d32a690892e3e064b373243b8e2b3
                    • Opcode Fuzzy Hash: 04f7899364c6d3beeb52577cfad85db419782565630f45e484270c6e264dcf76
                    • Instruction Fuzzy Hash: B5215AB590035A9FDF10DFAAC885BDEBBF5FF48314F10842AE919A7280C7799554CBA0
                    Function 0728D558 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 284 728d558-728d5a6 286 728d5a8-728d5b4 284->286 287 728d5b6-728d5f5 WriteProcessMemory 284->287 286->287 289 728d5fe-728d62e 287->289 290 728d5f7-728d5fd 287->290 290->289
                    APIs
                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0728D5E8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: MemoryProcessWrite
                    • String ID:
                    • API String ID: 3559483778-0
                    • Opcode ID: ffc274ce0003bf14a6078e555b688f10b5157940f3e53bd6554200d2346c1f86
                    • Instruction ID: 0efbb5f4f304efb508767dfe8bbf5e593688908bfb7ee70c25d3d6910b25298d
                    • Opcode Fuzzy Hash: ffc274ce0003bf14a6078e555b688f10b5157940f3e53bd6554200d2346c1f86
                    • Instruction Fuzzy Hash: 78215AB190034A9FDF10DFA9C885BDEBBF5FF48310F10842AE518A7280C7799554CBA0
                    Function 0728D3B8 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 294 728d3b8-728d40b 297 728d41b-728d44b Wow64SetThreadContext 294->297 298 728d40d-728d419 294->298 300 728d44d-728d453 297->300 301 728d454-728d484 297->301 298->297 300->301
                    APIs
                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0728D43E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: ContextThreadWow64
                    • String ID:
                    • API String ID: 983334009-0
                    • Opcode ID: d45d764a90964e7a49482f0b04cb7b0fc15103af10f1edcaeb11d87c1fc88397
                    • Instruction ID: b2d5c8846b9dda40121074c2985bdcc4d893c9e60f012b272f8d98bd1e29c1b5
                    • Opcode Fuzzy Hash: d45d764a90964e7a49482f0b04cb7b0fc15103af10f1edcaeb11d87c1fc88397
                    • Instruction Fuzzy Hash: 32213DB19103099FDB50DFAAC4857EFBBF4EF48314F14842AD519A7281C778A544CFA5
                    Function 0728D641 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 305 728d641-728d6d5 ReadProcessMemory 309 728d6de-728d70e 305->309 310 728d6d7-728d6dd 305->310 310->309
                    APIs
                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0728D6C8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: MemoryProcessRead
                    • String ID:
                    • API String ID: 1726664587-0
                    • Opcode ID: 436f5bc7efc14aaa4eb4fd0dd6b2db041594631ff031ba478ad586567637c30a
                    • Instruction ID: 1cd492dff8cbc88d95fdd46d5501eef08202fdbaf38642dac7eddb8dbe8b8561
                    • Opcode Fuzzy Hash: 436f5bc7efc14aaa4eb4fd0dd6b2db041594631ff031ba478ad586567637c30a
                    • Instruction Fuzzy Hash: 212136B18003599FDB10DFAAD881AEEBBF5FF48320F10882AE518A7240D7799504CBA4
                    Function 0299D820 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 314 299d820-299d8bc DuplicateHandle 315 299d8be-299d8c4 314->315 316 299d8c5-299d8e2 314->316 315->316
                    APIs
                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0299D8AF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: DuplicateHandle
                    • String ID:
                    • API String ID: 3793708945-0
                    • Opcode ID: 72d37a7a2e8d43c5ebd5d17da197997969e7064c34e638224c43ade209761065
                    • Instruction ID: ee9f621a87b19c6c149201c5d0833c4094d1b913506071cf94f27a4d210ca17a
                    • Opcode Fuzzy Hash: 72d37a7a2e8d43c5ebd5d17da197997969e7064c34e638224c43ade209761065
                    • Instruction Fuzzy Hash: 9A21E4B5900249DFDB10CFAAD984ADEBFF4FB48320F14845AE914A7351D378A954CFA0
                    Function 0728D648 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 329 728d648-728d6d5 ReadProcessMemory 332 728d6de-728d70e 329->332 333 728d6d7-728d6dd 329->333 333->332
                    APIs
                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0728D6C8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: MemoryProcessRead
                    • String ID:
                    • API String ID: 1726664587-0
                    • Opcode ID: 3eba44ed992ea0ddc2ae18acd8059ea0f8e212bdd77826af0a8f2cb3a813e45d
                    • Instruction ID: eb867e2fd29f4aeb680ce228dbb240d39a13da1dd47678a3ff896c6a7735e626
                    • Opcode Fuzzy Hash: 3eba44ed992ea0ddc2ae18acd8059ea0f8e212bdd77826af0a8f2cb3a813e45d
                    • Instruction Fuzzy Hash: 482128B19003599FDB10DFAAC885BEEBBF5FF48310F10842AE519A7240D7799514CBA4
                    Function 0728D3C0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 319 728d3c0-728d40b 321 728d41b-728d44b Wow64SetThreadContext 319->321 322 728d40d-728d419 319->322 324 728d44d-728d453 321->324 325 728d454-728d484 321->325 322->321 324->325
                    APIs
                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0728D43E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: ContextThreadWow64
                    • String ID:
                    • API String ID: 983334009-0
                    • Opcode ID: b45d35da972e4c91e03e5429b337b27908c7a47ac44e216974ecc0a2b80ebcf3
                    • Instruction ID: 579be964d76b8c9d12baeadc7b2fc54c59ab1179a1718a5f7699f8025b21bf67
                    • Opcode Fuzzy Hash: b45d35da972e4c91e03e5429b337b27908c7a47ac44e216974ecc0a2b80ebcf3
                    • Instruction Fuzzy Hash: D3214CB19003098FDB10DFAAC4857EEBBF4FF88314F148429D519A7280C778A544CFA5
                    Function 0299D828 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                    Download Yara Rule
                    APIs
                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0299D8AF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: DuplicateHandle
                    • String ID:
                    • API String ID: 3793708945-0
                    • Opcode ID: 6fed5db8b27df7c58a21e4c95b67506257394cf8671cae0e038bdf035fc1e69c
                    • Instruction ID: 85caaed65fff8b2d67f154746df3d02392f4646c3fdd44db99a28221fe0bcacf
                    • Opcode Fuzzy Hash: 6fed5db8b27df7c58a21e4c95b67506257394cf8671cae0e038bdf035fc1e69c
                    • Instruction Fuzzy Hash: EC21E4B5900209DFDB10CFAAD984ADEBBF8FB48320F14805AE914A3350D378A954CFA0
                    Function 0728D490 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0728D506
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 160cd6ac805e12c19d8c5fb64af7074b2ffa9c7f0a06f69d9e81ca259b4b9e1a
                    • Instruction ID: 208d06f275c71297fef6cf52fc2abfd18ca020400d73e380506804cc1c5c39f8
                    • Opcode Fuzzy Hash: 160cd6ac805e12c19d8c5fb64af7074b2ffa9c7f0a06f69d9e81ca259b4b9e1a
                    • Instruction Fuzzy Hash: CB1147729003499FDB20DFAAC845BEFBFF5AF88324F14881AE519A7250C7799554CBA0
                    Function 0728D498 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0728D506
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 736d4edda50f45c5df78f79b45b0aebde28a2d8db5f8be29f48bcd91b2a27153
                    • Instruction ID: bf6a6ac294dd578665fdd46ed176c1d31b58220a12c6b10843b96717d346367c
                    • Opcode Fuzzy Hash: 736d4edda50f45c5df78f79b45b0aebde28a2d8db5f8be29f48bcd91b2a27153
                    • Instruction Fuzzy Hash: 7C1147719002499FDB10DFAAC845BDEBFF5AF88320F10841AE515A7250C7759514CBA0
                    Function 0728CED1 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: ResumeThread
                    • String ID:
                    • API String ID: 947044025-0
                    • Opcode ID: cf44411efe5202c41c81aba3e253d0039465bcb1a9d4d5196cead95c2f00a539
                    • Instruction ID: 62f52561bb1a4c4a9bffa484d4e583cd39472f95ec93c77af89e463e9a8fe261
                    • Opcode Fuzzy Hash: cf44411efe5202c41c81aba3e253d0039465bcb1a9d4d5196cead95c2f00a539
                    • Instruction Fuzzy Hash: 7E1146B18003498FEB20DFAAC4457DEFBF4EF88224F24845AD519A7240CB796944CBA4
                    Function 0728CED8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: ResumeThread
                    • String ID:
                    • API String ID: 947044025-0
                    • Opcode ID: 303b56a6a519c24dabd258c0efd2373bbbcbc96154c648b662ba1f1c18d3fab3
                    • Instruction ID: 5209fa7c4ad1be3cde1201c01e929df781caaf9d3ce355e6328f4dccb752cdd6
                    • Opcode Fuzzy Hash: 303b56a6a519c24dabd258c0efd2373bbbcbc96154c648b662ba1f1c18d3fab3
                    • Instruction Fuzzy Hash: 99113AB19003498FEB20DFAAC44579FFBF4EF88724F24845AD519A7240CB796544CBA4
                    Function 0728FBD8 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                    Download Yara Rule
                    APIs
                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 0728FC3D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: MessagePost
                    • String ID:
                    • API String ID: 410705778-0
                    • Opcode ID: 31cde363c0c90a54a4ca2b91a0a69e6f3779a3170f3a9eca9ee76584c7978838
                    • Instruction ID: bb5f1de5cc73055d4b95250d2a576ff18806a63688d2c72b26578db909e04f06
                    • Opcode Fuzzy Hash: 31cde363c0c90a54a4ca2b91a0a69e6f3779a3170f3a9eca9ee76584c7978838
                    • Instruction Fuzzy Hash: 8A11E3B58007499FDB10DF99D585BDEBBF8EB48324F20841AD915A7240C375A544CFA1
                    Function 0728B9B4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                    Download Yara Rule
                    APIs
                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 0728FC3D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID: MessagePost
                    • String ID:
                    • API String ID: 410705778-0
                    • Opcode ID: b5863261782f5b34bbaba072d5acb7893c0eb3d6d3614c1b0025dbac27fa7b96
                    • Instruction ID: 1dcc1076de13c089331d26ee85e4a831b58e0edbe550c55075dac8f7dec56e8b
                    • Opcode Fuzzy Hash: b5863261782f5b34bbaba072d5acb7893c0eb3d6d3614c1b0025dbac27fa7b96
                    • Instruction Fuzzy Hash: BC1125B58003099FDB50DF8AC545BDEBBF8FB48320F108419E914A3240C3B5A944CFA0
                    Function 0299B538 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                    Download Yara Rule
                    APIs
                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0299B59E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID: HandleModule
                    • String ID:
                    • API String ID: 4139908857-0
                    • Opcode ID: 15f0ec94f8d37527927cb879ce767371639ccd4534a2424e57566694827cadc4
                    • Instruction ID: 421e8e84fe71f4de7aa3f7d07be4e7cbe96b0bc55bbb0129113a4c8ae9bc0aec
                    • Opcode Fuzzy Hash: 15f0ec94f8d37527927cb879ce767371639ccd4534a2424e57566694827cadc4
                    • Instruction Fuzzy Hash: 2B11DFB6C007498FDB20CF9AD544B9EFBF8AB88728F14845AD819A7210D379A545CFA1
                    Function 00E0D3D8 Relevance: .1, Instructions: 75COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2149865449.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_e0d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5576b49a538234faf87c742380097c27dfe44428b182936c38738c11afa91e91
                    • Instruction ID: 1f09c3d9c7386e3330368149c7416b69c7bf9640374a52f39a5c0d0bb8824849
                    • Opcode Fuzzy Hash: 5576b49a538234faf87c742380097c27dfe44428b182936c38738c11afa91e91
                    • Instruction Fuzzy Hash: B5212876508204DFDB04DF54DDC0B2ABF65FB94324F20C16DE9095B296C336E896CBA2
                    Function 0111D1D4 Relevance: .1, Instructions: 72COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150200417.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_111d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a72bd654c1e1a8d2b890c84b0a1c66889a45efd51c3f5892faea872dcea3766a
                    • Instruction ID: 522bfd59ff63be8ea820b0f2b5b1be723c9fffb80cd50aef879b7d1565278ca7
                    • Opcode Fuzzy Hash: a72bd654c1e1a8d2b890c84b0a1c66889a45efd51c3f5892faea872dcea3766a
                    • Instruction Fuzzy Hash: 44213771504200EFDF09DF94E5C4B65FBA1FB84324F20C67DE9094B25AC376D406CA62
                    Function 0111D01C Relevance: .1, Instructions: 72COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150200417.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_111d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6d0e37089d66badeff4bf760c8f5d91f1bad767d2051d697a45db3f5f1f52c2a
                    • Instruction ID: 4234f03e6949119c1f0278042c5c4252123a1fe75c27221ad8719a72993e91e5
                    • Opcode Fuzzy Hash: 6d0e37089d66badeff4bf760c8f5d91f1bad767d2051d697a45db3f5f1f52c2a
                    • Instruction Fuzzy Hash: D6210075604200EFDF19DF58E988B26FB61EB84314F20C5BDD90A0B25AC77AD446CA62
                    Function 00E0D3D3 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2149865449.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_e0d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                    • Instruction ID: 0a50c576e4576e074228df9d87be4433aad2ea6387306615b9e80fd40766f579
                    • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                    • Instruction Fuzzy Hash: 3511E6B6504280DFCB15CF54D9C4B16BF71FB94328F24C6A9D8094B656C33AE856CBA1
                    Function 0111D017 Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150200417.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_111d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                    • Instruction ID: b21ce50cc460348312acac8960c0b64fe45b8017aba8a93cefad6420b341d926
                    • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                    • Instruction Fuzzy Hash: 4D11D075504280CFCB16CF54E5C4B15FF61FB44314F24C6A9D8094B65AC33BD44ACB62
                    Function 0111D1CF Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150200417.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_111d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                    • Instruction ID: dc3f597dcf478d49f683e695b897fd064a648425f90f1a5126c28bd1f866b022
                    • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                    • Instruction Fuzzy Hash: 7511BB75504280DFCB06CF54D5C4B55FBA1FB84224F24C6A9D8494B6AAC33AD40ACB62
                    Function 00E0D745 Relevance: .0, Instructions: 45COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2149865449.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_e0d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 35d8da45fe172bdbcf142ae8fc77a9503e466353e37f18cba55f997b823cf86f
                    • Instruction ID: 8ab369f3dfc97d7779a069c892c2abcca8ffc1232dda04403296a6ea0ec72a19
                    • Opcode Fuzzy Hash: 35d8da45fe172bdbcf142ae8fc77a9503e466353e37f18cba55f997b823cf86f
                    • Instruction Fuzzy Hash: 8C01F77100C3409AE7104EA5CD84B66BF98DF81338F1CD55BED086A2C6C6799880C771
                    Function 00E0D744 Relevance: .0, Instructions: 36COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2149865449.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_e0d000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 37e5c7502c2f0772056b3ab07093191d09c69f7ea48eaaa63b38f05000f96217
                    • Instruction ID: d06223c44602874c3b2665839b83bed2580e898d8b09e18c0a918598412fe94e
                    • Opcode Fuzzy Hash: 37e5c7502c2f0772056b3ab07093191d09c69f7ea48eaaa63b38f05000f96217
                    • Instruction Fuzzy Hash: B2F062714093449EE7108E59DDC8B66FF98EB91738F18C45BED085B2C6C6799844CBB1

                    Non-executed Functions

                    Function 072830D0 Relevance: .3, Instructions: 316COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 18a0e64f4135511d07a20892fcb24182d300054a8766429ba62f128f3102a8a3
                    • Instruction ID: a25e31e3c4076e5c0b82b2477dfa66909965b4b37200b74bbd8ec78f91cee986
                    • Opcode Fuzzy Hash: 18a0e64f4135511d07a20892fcb24182d300054a8766429ba62f128f3102a8a3
                    • Instruction Fuzzy Hash: A8E10CB4E10159CFDB14DFA9C590AAEBBB2FF49304F248169D814AB35AD7319942CFA0
                    Function 0728A640 Relevance: .3, Instructions: 312COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 045b3a72bed053d7d6f2b3038013fd6f9730346a450a164d016f7c940ebee9d2
                    • Instruction ID: 190b3b34e401ae4a3e04f06254d502ad1906289ab9ce486f0b28b9c464612249
                    • Opcode Fuzzy Hash: 045b3a72bed053d7d6f2b3038013fd6f9730346a450a164d016f7c940ebee9d2
                    • Instruction Fuzzy Hash: 74E13CB4E112598FDB14DF98C580AAEFBB2FF89304F24C16AD415AB355DB31A942CF60
                    Function 0728C6B0 Relevance: .3, Instructions: 312COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 47cf5e65530ae35f1401b1b8601590231b7b548da31e9494f1cb5ac0824a2222
                    • Instruction ID: 854fefaada1d162fd592c16de2ed483b208edb7b6516e7c78e37a8939df08b5d
                    • Opcode Fuzzy Hash: 47cf5e65530ae35f1401b1b8601590231b7b548da31e9494f1cb5ac0824a2222
                    • Instruction Fuzzy Hash: 69E12EB4E112198FDB14DFA8C580AAEFBF2FF49304F248159D415AB355D731A982CF60
                    Function 0728C278 Relevance: .3, Instructions: 312COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 60110d3a287874daa3e0aa626791773b9c3eba2a6928cfc5f4d89a8ec035588c
                    • Instruction ID: 40e62a767646d998dc62df473b9f2e4f73aebfbe8fab6f95b57f5aa08b50d32d
                    • Opcode Fuzzy Hash: 60110d3a287874daa3e0aa626791773b9c3eba2a6928cfc5f4d89a8ec035588c
                    • Instruction Fuzzy Hash: CCE12DB4E112198FDB14DFA9C580AAEFBF2FF89304F248269D415A7355D731A982CF60
                    Function 0728CF88 Relevance: .3, Instructions: 312COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: eac9685137092c19f4660c80bbe2b396dd159ba1b6a71aab12b227472e0b8d1c
                    • Instruction ID: e9a0e1e9dbd6f16aef7941e0fa5e5fd70d90f574ff68ad76b665e2a1a681f1a1
                    • Opcode Fuzzy Hash: eac9685137092c19f4660c80bbe2b396dd159ba1b6a71aab12b227472e0b8d1c
                    • Instruction Fuzzy Hash: 33E13CB4E102198FDB14DFA9C580AAEFBF2FF89304F248259D415AB395D731A942CF60
                    Function 0728AA78 Relevance: .3, Instructions: 312COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c5032a6fff615fc06a80cbeb36330d2f3054f317fc2a3d165893f294f11863d8
                    • Instruction ID: d3504dadffbb21d50b0851090bc187004d23709fc10f19e47e2fc10489b3fc78
                    • Opcode Fuzzy Hash: c5032a6fff615fc06a80cbeb36330d2f3054f317fc2a3d165893f294f11863d8
                    • Instruction Fuzzy Hash: E9E13CB4E112598FCB14DFA9C580AAEFBB2FF88304F24C16AD415A7355DB31A942CF60
                    Function 0299E134 Relevance: .3, Instructions: 264COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2150515959.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2990000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 232654b65bade83f68870fe2548ca0e516d782f9c2e162f9e5e565696f83bffc
                    • Instruction ID: b1e6c73bfb73126a2f96e6410aba5f9d27c842235611e81edddc448b2f8aa022
                    • Opcode Fuzzy Hash: 232654b65bade83f68870fe2548ca0e516d782f9c2e162f9e5e565696f83bffc
                    • Instruction Fuzzy Hash: FEA19E32E00219CFCF19DFB9C9805AEB7B6FF85314B1545AAE805AB265DB31E915CF80
                    Function 07283F88 Relevance: .2, Instructions: 169COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: acf10e4fd7299f0286d2b1489b502ebfc784dc460ce4dfe2936514bf3bcb3f33
                    • Instruction ID: 68bd7aa330d875b6e79646fdaab91744d549a4398cda8d53cb5912c458dffabb
                    • Opcode Fuzzy Hash: acf10e4fd7299f0286d2b1489b502ebfc784dc460ce4dfe2936514bf3bcb3f33
                    • Instruction Fuzzy Hash: F771AFB4E112598FDB48DFAAC984A9EFBF2BF88300F24D166D418AB255D7349942CF50
                    Function 07283CF0 Relevance: .1, Instructions: 140COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ee5b95b10b4076be2da480e0bbb520bf87029a06626850a1f950cd53e35aae83
                    • Instruction ID: af69a91f605d3ef3f943cea637716fd22c7bc619ada77a3898490da573fc848b
                    • Opcode Fuzzy Hash: ee5b95b10b4076be2da480e0bbb520bf87029a06626850a1f950cd53e35aae83
                    • Instruction Fuzzy Hash: 3F51A2B5D116199FDB04DFE6C8846EEFBF6BF88300F10802AE819AB255DB745946CF40
                    Function 07283F77 Relevance: .1, Instructions: 127COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7a6d2c1bab0acbeff17ed49c5ccfbfdf5cf7761ff0b55618611aa01ed8dca4a9
                    • Instruction ID: c4fab35cc57364f08677797bdcfb4c142cb340c28ad67688ae4c97ba113ca68a
                    • Opcode Fuzzy Hash: 7a6d2c1bab0acbeff17ed49c5ccfbfdf5cf7761ff0b55618611aa01ed8dca4a9
                    • Instruction Fuzzy Hash: A051A0B5E106598FDB48DFAAC98469EFBF2BF88300F14C16AD418AB355DB349946CF40
                    Function 07283CEA Relevance: .1, Instructions: 98COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2155077818.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7280000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c263b51d340b0890c620633467f3948f6c9fece33496d1e1753e527348d21c39
                    • Instruction ID: e872ff17444820be408698e20f23af41885cf3734f80ca3fdbbf848e1be8fea0
                    • Opcode Fuzzy Hash: c263b51d340b0890c620633467f3948f6c9fece33496d1e1753e527348d21c39
                    • Instruction Fuzzy Hash: B141A3B5E006199FDB08DFEAC8856DEFBF6AF88300F14C12AD419AB254DB745946CF40

                    Execution Graph

                    Execution Coverage:0.8%
                    Dynamic/Decrypted Code Coverage:5.8%
                    Signature Coverage:9.6%
                    Total number of Nodes:104
                    Total number of Limit Nodes:11
                    execution_graph 90593 42ba43 90594 42ba5d 90593->90594 90597 18f2df0 LdrInitializeThunk 90594->90597 90595 42ba85 90597->90595 90598 424b63 90602 424b7c 90598->90602 90599 424c0c 90600 424bc4 90606 42e573 90600->90606 90602->90599 90602->90600 90604 424c07 90602->90604 90605 42e573 RtlFreeHeap 90604->90605 90605->90599 90609 42c7b3 90606->90609 90608 424bd4 90610 42c7cd 90609->90610 90611 42c7de RtlFreeHeap 90610->90611 90611->90608 90684 4247d3 90685 4247ef 90684->90685 90686 424817 90685->90686 90687 42482b 90685->90687 90688 42c433 NtClose 90686->90688 90689 42c433 NtClose 90687->90689 90691 424820 90688->90691 90690 424834 90689->90690 90694 42e693 RtlAllocateHeap 90690->90694 90693 42483f 90694->90693 90695 42f613 90696 42f623 90695->90696 90697 42f629 90695->90697 90700 42e653 90697->90700 90699 42f64f 90703 42c763 90700->90703 90702 42e66e 90702->90699 90704 42c780 90703->90704 90705 42c791 RtlAllocateHeap 90704->90705 90705->90702 90612 417563 90613 417587 90612->90613 90614 4175c3 LdrLoadDll 90613->90614 90615 41758e 90613->90615 90614->90615 90706 413a93 90710 413ab3 90706->90710 90708 413b1c 90709 413b12 90710->90708 90711 41b1a3 RtlFreeHeap LdrInitializeThunk 90710->90711 90711->90709 90712 41e293 90713 41e2b9 90712->90713 90717 41e3b6 90713->90717 90718 42f743 90713->90718 90715 41e354 90716 42ba93 LdrInitializeThunk 90715->90716 90715->90717 90716->90717 90719 42f6b3 90718->90719 90720 42f710 90719->90720 90721 42e653 RtlAllocateHeap 90719->90721 90720->90715 90722 42f6ed 90721->90722 90723 42e573 RtlFreeHeap 90722->90723 90723->90720 90616 401b07 90618 401aa2 90616->90618 90617 401a48 90618->90617 90621 42fae3 90618->90621 90624 42e0f3 90621->90624 90625 42e117 90624->90625 90634 4072d3 90625->90634 90627 42e140 90633 401bff 90627->90633 90637 41ae93 90627->90637 90629 42e15f 90630 42e174 90629->90630 90631 42c803 ExitProcess 90629->90631 90648 42c803 90630->90648 90631->90630 90636 4072e0 90634->90636 90651 416283 90634->90651 90636->90627 90638 41aebf 90637->90638 90669 41ad83 90638->90669 90641 41af04 90643 41af20 90641->90643 90646 42c433 NtClose 90641->90646 90642 41aeec 90644 41aef7 90642->90644 90675 42c433 90642->90675 90643->90629 90644->90629 90647 41af16 90646->90647 90647->90629 90649 42c81d 90648->90649 90650 42c82e ExitProcess 90649->90650 90650->90633 90652 4162a0 90651->90652 90654 4162b9 90652->90654 90655 42cec3 90652->90655 90654->90636 90656 42cedd 90655->90656 90657 42cf0c 90656->90657 90662 42ba93 90656->90662 90657->90654 90660 42e573 RtlFreeHeap 90661 42cf85 90660->90661 90661->90654 90663 42bab0 90662->90663 90666 18f2c0a 90663->90666 90664 42badc 90664->90660 90667 18f2c1f LdrInitializeThunk 90666->90667 90668 18f2c11 90666->90668 90667->90664 90668->90664 90670 41ae79 90669->90670 90671 41ad9d 90669->90671 90670->90641 90670->90642 90678 42bb33 90671->90678 90674 42c433 NtClose 90674->90670 90676 42c44d 90675->90676 90677 42c45e NtClose 90676->90677 90677->90644 90679 42bb4d 90678->90679 90682 18f35c0 LdrInitializeThunk 90679->90682 90680 41ae6d 90680->90674 90682->90680 90683 18f2b60 LdrInitializeThunk

                    Executed Functions

                    Function 00417563 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 110 417563-41757f 111 417587-41758c 110->111 112 417582 call 42f153 110->112 113 417592-4175a0 call 42f753 111->113 114 41758e-417591 111->114 112->111 117 4175b0-4175c1 call 42dbc3 113->117 118 4175a2-4175ad call 42f9f3 113->118 123 4175c3-4175d7 LdrLoadDll 117->123 124 4175da-4175dd 117->124 118->117 123->124
                    APIs
                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175D5
                    Memory Dump Source
                    • Source File: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_400000_PO No.jbxd
                    Yara matches
                    Similarity
                    • API ID: Load
                    • String ID:
                    • API String ID: 2234796835-0
                    • Opcode ID: cabadc429ca9bf0ea4f6f112ad196f5047ef34b7e91932448bc3641e5bf786ad
                    • Instruction ID: bdce513adcdf66a5ddf40d0a2ecde4d7099c94072a20f6ffb4ae009ad51faa44
                    • Opcode Fuzzy Hash: cabadc429ca9bf0ea4f6f112ad196f5047ef34b7e91932448bc3641e5bf786ad
                    • Instruction Fuzzy Hash: B00171B1E0020DBBDF10DBE1DC42FDEB379AB54308F4081AAE90897241F634EB588B95
                    Function 0042C433 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 135 42c433-42c46c call 404713 call 42d6b3 NtClose
                    APIs
                    • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C467
                    Memory Dump Source
                    • Source File: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_400000_PO No.jbxd
                    Yara matches
                    Similarity
                    • API ID: Close
                    • String ID:
                    • API String ID: 3535843008-0
                    • Opcode ID: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
                    • Instruction ID: 37a102a096cf0697ac499042812ebe3be0a6e3a94df1b2a833282852239f11ec
                    • Opcode Fuzzy Hash: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
                    • Instruction Fuzzy Hash: 7DE04F766002147BD620BA5AEC41F97775CDFC5714F00801AFA0867282C675791087F5
                    Function 018F2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 149 18f2b60-18f2b6c LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: a4fd573cdbf28e0f0fa1a4219e460ed25e550912cd03f75a13ccec0a2f187da8
                    • Instruction ID: ba06e861cd64ebd102d9f877ceb0a5a4a26163e0896b1f343acf114d31dbac0e
                    • Opcode Fuzzy Hash: a4fd573cdbf28e0f0fa1a4219e460ed25e550912cd03f75a13ccec0a2f187da8
                    • Instruction Fuzzy Hash: 7790026170290047410671584418616804E97E0301B55C021E10545D4DC52589D16225
                    Function 018F2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 151 18f2df0-18f2dfc LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 65ac5e124ad845016c229447944b8a33e77c470345855af842a6581636561e34
                    • Instruction ID: eec8a606655d4d708f7112547c3f1b0faf27bb293391a41c41cb522373b76d59
                    • Opcode Fuzzy Hash: 65ac5e124ad845016c229447944b8a33e77c470345855af842a6581636561e34
                    • Instruction Fuzzy Hash: 8390023170190457D11271584508707404D97D0341F95C412A046459CDD6568A92A221
                    Function 018F2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 150 18f2c70-18f2c7c LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 9e7f13eb218d53bf7409361dafec80275a7923d51459776a7e5ae613b303ab07
                    • Instruction ID: 342de3db973d0c238f59c171a8a6552228713c726b742efbc366abe3132c9f65
                    • Opcode Fuzzy Hash: 9e7f13eb218d53bf7409361dafec80275a7923d51459776a7e5ae613b303ab07
                    • Instruction Fuzzy Hash: F790023170198846D1117158840874A404997D0301F59C411A446469CDC69589D17221
                    Function 018F35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 152 18f35c0-18f35cc LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 2a5de8060f6d266488a66fe333e7403d5a05223a994a7814c205bddca2a77d82
                    • Instruction ID: e172471b4d4a9effeb2a1f1f93d58363d5c17d1d2b30ee88b5b2d8b318481259
                    • Opcode Fuzzy Hash: 2a5de8060f6d266488a66fe333e7403d5a05223a994a7814c205bddca2a77d82
                    • Instruction Fuzzy Hash: 01900231B05A0446D10171584518706504997D0301F65C411A04645ACDC7958A9166A2
                    Function 0042C763 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 125 42c763-42c7a7 call 404713 call 42d6b3 RtlAllocateHeap
                    APIs
                    • RtlAllocateHeap.NTDLL(?,0041E354,?,?,00000000,?,0041E354,?,?,?), ref: 0042C7A2
                    Memory Dump Source
                    • Source File: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_400000_PO No.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    • Opcode ID: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
                    • Instruction ID: 8478ad7e8697ef7acc63e2c8c0b0e70c508952faf178b19bb78cdc86ac20e0b7
                    • Opcode Fuzzy Hash: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
                    • Instruction Fuzzy Hash: 18E06DB27042047FD610EE59EC45F9B73ACEFC5714F004019F908A7282D770B9108AB5
                    Function 0042C7B3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 130 42c7b3-42c7f4 call 404713 call 42d6b3 RtlFreeHeap
                    APIs
                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,9403D333,00000007,00000000,00000004,00000000,00416E48,000000F4), ref: 0042C7EF
                    Memory Dump Source
                    • Source File: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_400000_PO No.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
                    • Instruction ID: 0103aceadb78e79b7ecc8faacede7f1e09fa23b9d57152ecbc1c1368217fcbeb
                    • Opcode Fuzzy Hash: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
                    • Instruction Fuzzy Hash: 6DE06DB17002047BD610EE59EC81F9B33ADDFC5710F004019FE08A7241D671B9108AB9
                    Function 0042C803 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 140 42c803-42c83c call 404713 call 42d6b3 ExitProcess
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_400000_PO No.jbxd
                    Yara matches
                    Similarity
                    • API ID: ExitProcess
                    • String ID:
                    • API String ID: 621844428-0
                    • Opcode ID: cef4f983fc9ebd551220bca8743f3b8b02da57f9f425297ef17eed880e4366f5
                    • Instruction ID: f8c1995de4c57a0dc7d95be7e0574ee260bed641c46f1d5501e4473e89b5d8ab
                    • Opcode Fuzzy Hash: cef4f983fc9ebd551220bca8743f3b8b02da57f9f425297ef17eed880e4366f5
                    • Instruction Fuzzy Hash: F9E04F756442147FD120BA9ADC41F97776CDFC5714F40401AFA1C67241C674790487F4
                    Function 018F2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 145 18f2c0a-18f2c0f 146 18f2c1f-18f2c26 LdrInitializeThunk 145->146 147 18f2c11-18f2c18 145->147
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 718812f8b4ba1369cb3028c38db5478fa97fe4636c1b4cc16788de8abd64e3e3
                    • Instruction ID: f12c695ba6645486073de3ec186feb3a39c33d3b3e40a9c28a44eb86f2fdee56
                    • Opcode Fuzzy Hash: 718812f8b4ba1369cb3028c38db5478fa97fe4636c1b4cc16788de8abd64e3e3
                    • Instruction Fuzzy Hash: 16B09B71D019C5C9DA12E764460C7177945B7D0701F15C065D3074685FC738C1D1E275

                    Non-executed Functions

                    Function 01932349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-2160512332
                    • Opcode ID: 35bea6f3a771c481e0880c7c6dc9c2530beead5563e2a9b188204e195fae6dbc
                    • Instruction ID: 10c06884f1a3be728783fa0b7401be4f18bde6189dfc57689aae3d27989ac797
                    • Opcode Fuzzy Hash: 35bea6f3a771c481e0880c7c6dc9c2530beead5563e2a9b188204e195fae6dbc
                    • Instruction Fuzzy Hash: 18927B71608342ABE721CF28C884F6BBBE9BBC4754F14492DFA99D7250D770E944CB92
                    Function 018E8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                    Download Yara Rule
                    Strings
                    • Address of the debug info found in the active list., xrefs: 019254AE, 019254FA
                    • Critical section address., xrefs: 01925502
                    • Invalid debug info address of this critical section, xrefs: 019254B6
                    • Thread identifier, xrefs: 0192553A
                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019254CE
                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0192540A, 01925496, 01925519
                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019254E2
                    • Critical section address, xrefs: 01925425, 019254BC, 01925534
                    • Critical section debug info address, xrefs: 0192541F, 0192552E
                    • corrupted critical section, xrefs: 019254C2
                    • undeleted critical section in freed memory, xrefs: 0192542B
                    • Thread is in a state in which it cannot own a critical section, xrefs: 01925543
                    • 8, xrefs: 019252E3
                    • double initialized or corrupted critical section, xrefs: 01925508
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                    • API String ID: 0-2368682639
                    • Opcode ID: 4eaf8e77820a78d6b72949fce636d0e44c048b5245b1bd794f8538186dc15687
                    • Instruction ID: 47835fcc4a7e1c3a9a1064464b662dbfd65ae3a8f6e2cc528c519304f32af9d1
                    • Opcode Fuzzy Hash: 4eaf8e77820a78d6b72949fce636d0e44c048b5245b1bd794f8538186dc15687
                    • Instruction Fuzzy Hash: F2818CB0A00359AFEF20CF99C885FAEBBB9BB4A714F154119F508F7250D375AA44CB90
                    Function 018E29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                    Download Yara Rule
                    Strings
                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0192261F
                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01922409
                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019222E4
                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019225EB
                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01922506
                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019224C0
                    • @, xrefs: 0192259B
                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01922602
                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01922498
                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01922412
                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01922624
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                    • API String ID: 0-4009184096
                    • Opcode ID: a8671345da653a1c1a5bb68d8ada45580a12c2cd4841519554fb6a69b4f69401
                    • Instruction ID: 51de65274354a0628e65d91d279b81be5c33ecc0b0cc7176d62a6561d402b6df
                    • Opcode Fuzzy Hash: a8671345da653a1c1a5bb68d8ada45580a12c2cd4841519554fb6a69b4f69401
                    • Instruction Fuzzy Hash: 48027EB1D002299BDB31DB58CC84B9AB7B9AB55704F4041DAE60DE7241EB30AF94CF59
                    Function 01958B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                    • API String ID: 0-2515994595
                    • Opcode ID: d7bb35846d610d83661ec60d7f0740c471df6f9aa9caaaaab3f255b7a385970a
                    • Instruction ID: 7d311a8fd86429d23a5714df99abdb0cd7b906056edd9328b1a9be698a82d136
                    • Opcode Fuzzy Hash: d7bb35846d610d83661ec60d7f0740c471df6f9aa9caaaaab3f255b7a385970a
                    • Instruction Fuzzy Hash: 6851AB715183069BD369DF1AC884BABBBECEF94740F24491DAE9DD3240E770D608CB92
                    Function 01960274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                    • API String ID: 0-1700792311
                    • Opcode ID: 3d7521a54f2f162c7ba6828b61112ecfaabe210df455bb528b547d684573f77b
                    • Instruction ID: 3e69474390e5f58daaca14a82c35358f30b679a4bc20ebc69d4ad411d8068bab
                    • Opcode Fuzzy Hash: 3d7521a54f2f162c7ba6828b61112ecfaabe210df455bb528b547d684573f77b
                    • Instruction Fuzzy Hash: 71D1ED31604686DFEB22DF69C480AAEBFF9FF49700F4C8059F4499B252D7749A81CB61
                    Function 019389B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                    Download Yara Rule
                    Strings
                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01938A3D
                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01938A67
                    • HandleTraces, xrefs: 01938C8F
                    • AVRF: -*- final list of providers -*- , xrefs: 01938B8F
                    • VerifierDebug, xrefs: 01938CA5
                    • VerifierDlls, xrefs: 01938CBD
                    • VerifierFlags, xrefs: 01938C50
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                    • API String ID: 0-3223716464
                    • Opcode ID: 69cdc452423c67b3e286dd314aa0a3dc70638f60d202463eb55c861255992f07
                    • Instruction ID: 46532af42906a55b59191a02adbe6f9362e37b1ed4dca2cf06d360b979d01fbe
                    • Opcode Fuzzy Hash: 69cdc452423c67b3e286dd314aa0a3dc70638f60d202463eb55c861255992f07
                    • Instruction Fuzzy Hash: 0B9114B1A45312AFE721DF6C8880F5A77E8AFD4714F460A18FA49AB241D770DD09C7D2
                    Function 01934DD7 Relevance: 8.8, Strings: 7, Instructions: 86COMMON
                    Download Yara Rule
                    Strings
                    • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01934DF5
                    • ***Exception thrown within loader***, xrefs: 01934E27
                    • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01934E38
                    • LdrpGenericExceptionFilter, xrefs: 01934DFC
                    • LdrpProtectedCopyMemory, xrefs: 01934DF4
                    • minkernel\ntdll\ldrutil.c, xrefs: 01934E06
                    • Execute '.cxr %p' to dump context, xrefs: 01934EB1
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                    • API String ID: 0-2973941816
                    • Opcode ID: de16c63e5c04a4e9f7631917038d8d842844c8f848af0a6e7995410996d9138f
                    • Instruction ID: 91f39458ad567c5b40f4dde10ef3f4694b191763d5090606d343ab644865b7c2
                    • Opcode Fuzzy Hash: de16c63e5c04a4e9f7631917038d8d842844c8f848af0a6e7995410996d9138f
                    • Instruction Fuzzy Hash: 7021387214C1027BEB38AA6C9C85E367BACFBC1B65F190505F61ADB690C554FF01C272
                    Function 018BEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                    • API String ID: 0-1109411897
                    • Opcode ID: 684d7b188c9ec7d4974574233a4298b1748d98746ec6c5c3f67aeda1afdbf815
                    • Instruction ID: 463b7181bee24691854be12b674c65c701b8bc967a2bc364d04d7dd62bd56473
                    • Opcode Fuzzy Hash: 684d7b188c9ec7d4974574233a4298b1748d98746ec6c5c3f67aeda1afdbf815
                    • Instruction Fuzzy Hash: C5A22474A0562A8FDB65CF19CD88BA9BBB5AB49704F1442E9D90DE7394DB309EC1CF00
                    Function 018E63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-792281065
                    • Opcode ID: 9942ae3bd1952d5838200af51394b05ab07b44ef770610063e66c4ba43461b14
                    • Instruction ID: a48a9f86a7118aa5a3c3d5b4335b212788151b760e3b1746382d03bdd1aef2de
                    • Opcode Fuzzy Hash: 9942ae3bd1952d5838200af51394b05ab07b44ef770610063e66c4ba43461b14
                    • Instruction Fuzzy Hash: FB915D30B04325DBEB35DF19D888BAD7BE5BF62B18F640128E508EB285E7749A05C7D1
                    Function 018A645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                    Download Yara Rule
                    Strings
                    • Getting the shim user exports failed with status 0x%08lx, xrefs: 01909A01
                    • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 019099ED
                    • LdrpInitShimEngine, xrefs: 019099F4, 01909A07, 01909A30
                    • apphelp.dll, xrefs: 018A6496
                    • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01909A2A
                    • minkernel\ntdll\ldrinit.c, xrefs: 01909A11, 01909A3A
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-204845295
                    • Opcode ID: 1c3e786e4dc6d1e5f6984452f27f4f709aa8b8d942816895c55f8750f23267c5
                    • Instruction ID: 353d8e1cb088e673a921132235c774a27e4e542f8d19325df13f0444707d33f7
                    • Opcode Fuzzy Hash: 1c3e786e4dc6d1e5f6984452f27f4f709aa8b8d942816895c55f8750f23267c5
                    • Instruction Fuzzy Hash: F251B1712083059FE721DF28C881BAB7BE9FF84748F54491DF589DB295E630EA44CB92
                    Function 018EC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                    Download Yara Rule
                    Strings
                    • minkernel\ntdll\ldrredirect.c, xrefs: 01928181, 019281F5
                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 019281E5
                    • LdrpInitializeProcess, xrefs: 018EC6C4
                    • LdrpInitializeImportRedirection, xrefs: 01928177, 019281EB
                    • minkernel\ntdll\ldrinit.c, xrefs: 018EC6C3
                    • Loading import redirection DLL: '%wZ', xrefs: 01928170
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                    • API String ID: 0-475462383
                    • Opcode ID: a25694d26e394278456fb20936ede835cd7612db356d07fada652372a661ca89
                    • Instruction ID: 6fc44c42bd291483d9ad6de1dd14c806c92daed082a828dd0069134ad8fcc44b
                    • Opcode Fuzzy Hash: a25694d26e394278456fb20936ede835cd7612db356d07fada652372a661ca89
                    • Instruction Fuzzy Hash: 3F31E6716483569BD220EF2CD986E2BBBD4BF95B14F04051CF944DB295D620EE04CBA3
                    Function 018E2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                    Download Yara Rule
                    Strings
                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01922180
                    • SXS: %s() passed the empty activation context, xrefs: 01922165
                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019221BF
                    • RtlGetAssemblyStorageRoot, xrefs: 01922160, 0192219A, 019221BA
                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0192219F
                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01922178
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                    • API String ID: 0-861424205
                    • Opcode ID: f9b268fdf4feb011ef62c7d93881f458f51ee11e8146526e9ec6ac4db2a4da9e
                    • Instruction ID: 625cf377b1048b1693cea847dc4589fe57e8ffa385eb9bed27b04bb5309817f4
                    • Opcode Fuzzy Hash: f9b268fdf4feb011ef62c7d93881f458f51ee11e8146526e9ec6ac4db2a4da9e
                    • Instruction Fuzzy Hash: BD312836F402256BFB219B998C85F5B7BAEEB95B50F094059FA08FB205D2709B01C6A1
                    Function 018F096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 018F2DF0: LdrInitializeThunk.NTDLL ref: 018F2DFA
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018F0BA3
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018F0BB6
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018F0D60
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018F0D74
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                    • String ID:
                    • API String ID: 1404860816-0
                    • Opcode ID: 6cfc0b299b787138b401d68190651a62c9e553e80ed19a4b782a3d4c397d2eda
                    • Instruction ID: 9a712fcaffe44a6e8dca300a578f35bdf1714ab2e615bb823c82e8cd9b89feaf
                    • Opcode Fuzzy Hash: 6cfc0b299b787138b401d68190651a62c9e553e80ed19a4b782a3d4c397d2eda
                    • Instruction Fuzzy Hash: 82424A75900715DFDB21CF28C880BAAB7F5BF44314F1445ADEA89EB246E770AA84CF61
                    Function 018BA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                    • API String ID: 0-379654539
                    • Opcode ID: 5bb95cade76719022246f574572bbbce29ed3bbcfe7c6f2b749319fa3db4d7a2
                    • Instruction ID: ef5a3b6da85edbe0f32b03aba64c732f5cbf3644e286739dffcb90ca4624178a
                    • Opcode Fuzzy Hash: 5bb95cade76719022246f574572bbbce29ed3bbcfe7c6f2b749319fa3db4d7a2
                    • Instruction Fuzzy Hash: 31C17C7450838A8FD719DF58C080BAAB7E4BF84708F044969F995CB351E738DA49CB52
                    Function 018E8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                    Download Yara Rule
                    Strings
                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 018E855E
                    • @, xrefs: 018E8591
                    • LdrpInitializeProcess, xrefs: 018E8422
                    • minkernel\ntdll\ldrinit.c, xrefs: 018E8421
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-1918872054
                    • Opcode ID: cd357eb49976ab4e6be3618e885db45a3c03fc949add77f346f5eab76d111545
                    • Instruction ID: 342dbb5b309e633d7ee415200721a78623caf43d21b97e6c7fede42f2d55a842
                    • Opcode Fuzzy Hash: cd357eb49976ab4e6be3618e885db45a3c03fc949add77f346f5eab76d111545
                    • Instruction Fuzzy Hash: 7D915D71508345AFE721DF69CC84EAFBAE8FF86744F40092EFA84D6151E734DA448B62
                    Function 018E273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                    Download Yara Rule
                    Strings
                    • SXS: %s() passed the empty activation context, xrefs: 019221DE
                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019222B6
                    • .Local, xrefs: 018E28D8
                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019221D9, 019222B1
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                    • API String ID: 0-1239276146
                    • Opcode ID: 880da9ccd7ffd8888872d66478b5263977cd53eee2305358a42eb197c23258da
                    • Instruction ID: b42f062970600b4302f1cdbac33cf3d3b9a9af38d4291776a3c21f891604e961
                    • Opcode Fuzzy Hash: 880da9ccd7ffd8888872d66478b5263977cd53eee2305358a42eb197c23258da
                    • Instruction Fuzzy Hash: C4A1AE319002299BDB24DF68CC88BA9B7FABF5A354F1541E9D908EB255D7309F80CF91
                    Function 018E4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                    Download Yara Rule
                    Strings
                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01923456
                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0192342A
                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01923437
                    • RtlDeactivateActivationContext, xrefs: 01923425, 01923432, 01923451
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                    • API String ID: 0-1245972979
                    • Opcode ID: 0ba8a61eeddbf17a9958480a018b56a3685e91e52f17b25b171821e90c7ec343
                    • Instruction ID: e5c886e001d12f4dc7e60026aac3403a3ec99eb0a3f9eb2d5eb788a06de641cd
                    • Opcode Fuzzy Hash: 0ba8a61eeddbf17a9958480a018b56a3685e91e52f17b25b171821e90c7ec343
                    • Instruction Fuzzy Hash: 626123326007229BDB22CF1DC885B2AB7E5FF85B10F18856DE95DDB241C738EA01CB91
                    Function 018B64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                    Download Yara Rule
                    Strings
                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01910FE5
                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01911028
                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019110AE
                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0191106B
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                    • API String ID: 0-1468400865
                    • Opcode ID: de4e947c8a38a4f70490a253acabad58303afa6f46a8e43b881566ff726e0834
                    • Instruction ID: f56e32a331f0f7306b450c89a99cd071c52c3f5870fd73baee02e961de3ea964
                    • Opcode Fuzzy Hash: de4e947c8a38a4f70490a253acabad58303afa6f46a8e43b881566ff726e0834
                    • Instruction Fuzzy Hash: 2471C171904309AFCB21DF18C8C5B9B7FA8AF94754F540468F948CB286E735D698CBD2
                    Function 018D245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                    Download Yara Rule
                    Strings
                    • LdrpDynamicShimModule, xrefs: 0191A998
                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0191A992
                    • apphelp.dll, xrefs: 018D2462
                    • minkernel\ntdll\ldrinit.c, xrefs: 0191A9A2
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-176724104
                    • Opcode ID: 38ef35ba6bbad867fd1ba9962b86dd2a4e781cce792dde3e1fe3e62bac69bb73
                    • Instruction ID: a70a5d623b63449669a5c5d9f7ecd1328151e4e48b5a9a9fed4a5b6d5ff73308
                    • Opcode Fuzzy Hash: 38ef35ba6bbad867fd1ba9962b86dd2a4e781cce792dde3e1fe3e62bac69bb73
                    • Instruction Fuzzy Hash: F7316B72600345ABDB319F5DC885EAEBBBAFF80B14F994019E904AB259C7705EC5CBC0
                    Function 018C29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                    Download Yara Rule
                    Strings
                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 018C327D
                    • HEAP: , xrefs: 018C3264
                    • HEAP[%wZ]: , xrefs: 018C3255
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                    • API String ID: 0-617086771
                    • Opcode ID: 43bc2ca0ac18409bd6f41b142969e854da953be38b151e9b25266a2ae9c48183
                    • Instruction ID: 2b6e6ffa26869a4fb70b02581252500f2ba05135528741d382d80a227fea0919
                    • Opcode Fuzzy Hash: 43bc2ca0ac18409bd6f41b142969e854da953be38b151e9b25266a2ae9c48183
                    • Instruction Fuzzy Hash: B9929A71A042499FDB25CF68C440BA9BBF2BF48714F18806DE959EB392D735EA42CF50
                    Function 018C0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                    • API String ID: 0-4253913091
                    • Opcode ID: 81a25b793fd0c2392481f011d588331b883b6ea1b625c65950cd6aaaa4703d0b
                    • Instruction ID: 1e96a8585a306cce4ddfb780fbeeb4e7f09983ac107d6bb71a717fadae471dbd
                    • Opcode Fuzzy Hash: 81a25b793fd0c2392481f011d588331b883b6ea1b625c65950cd6aaaa4703d0b
                    • Instruction Fuzzy Hash: 45F1CF3460060ADFEB15CF68C880BAAB7B5FF85B44F15816CE51ADB345D734EA81CB91
                    Function 018D6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: $@
                    • API String ID: 0-1077428164
                    • Opcode ID: 7eada2225ce9fe785c1a93664c1f2d7b2321e179de8294501cd22bc73f6df27a
                    • Instruction ID: 400799150370c189305bc00ad4f96865833cac4ba630d623a0811bf951bb8bb5
                    • Opcode Fuzzy Hash: 7eada2225ce9fe785c1a93664c1f2d7b2321e179de8294501cd22bc73f6df27a
                    • Instruction Fuzzy Hash: 16C290716083459FEB25CF28C881BABBBE5BF88758F04892DF989C7241E734D945CB52
                    Function 018AA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: FilterFullPath$UseFilter$\??\
                    • API String ID: 0-2779062949
                    • Opcode ID: e90969c2d2c34c6c8d35fd21cd43d2da1054d5355fc3be39e9debb3ba35bcac3
                    • Instruction ID: 12865b16ab8f15ac4bc672581307e9c5045ad7e66426798450559e2378caed83
                    • Opcode Fuzzy Hash: e90969c2d2c34c6c8d35fd21cd43d2da1054d5355fc3be39e9debb3ba35bcac3
                    • Instruction Fuzzy Hash: 0DA14A719116299FDB22DB68CC88BAAB7B8EF44B00F1141E9EA0DE7250D7359F84CF51
                    Function 018D0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                    Download Yara Rule
                    Strings
                    • LdrpCheckModule, xrefs: 0191A117
                    • Failed to allocated memory for shimmed module list, xrefs: 0191A10F
                    • minkernel\ntdll\ldrinit.c, xrefs: 0191A121
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-161242083
                    • Opcode ID: 6addf71fe4b11e3bde85c68d7da6c0bcef9fe3878ad3b0d3fa1986883cba1d1f
                    • Instruction ID: dda1bdf323aefb9e689e6ca3ff3012fcb8021fd2738add0aa1c5657958863428
                    • Opcode Fuzzy Hash: 6addf71fe4b11e3bde85c68d7da6c0bcef9fe3878ad3b0d3fa1986883cba1d1f
                    • Instruction Fuzzy Hash: 78719D70A0030A9FDB25DF6CC980AAEB7F4FF84704F58402DE906E7255E634AE85CB91
                    Function 018C0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                    • API String ID: 0-1334570610
                    • Opcode ID: d96a465fcc79e64102f91f12828cee7ba9b130da4233c160fb8e4932c4e816b0
                    • Instruction ID: 33b0f2df1b1fd7bb6968738ce924d5485eefd968b8ae690b977d76889340b5a5
                    • Opcode Fuzzy Hash: d96a465fcc79e64102f91f12828cee7ba9b130da4233c160fb8e4932c4e816b0
                    • Instruction Fuzzy Hash: D461EF74600305DFEB29CF28C480B6ABBE1FF85B48F15855DE459CB296D770E981CB91
                    Function 018EC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                    Download Yara Rule
                    Strings
                    • Failed to reallocate the system dirs string !, xrefs: 019282D7
                    • LdrpInitializePerUserWindowsDirectory, xrefs: 019282DE
                    • minkernel\ntdll\ldrinit.c, xrefs: 019282E8
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-1783798831
                    • Opcode ID: 502e5d65c4c97b3c8f8e6590fcdc3f94c99cf0ff0ad021bfd8d07ec6783a3e85
                    • Instruction ID: 3989e6551677319c03396a791885febb2d1ed987e65ef7b5641852b15c056568
                    • Opcode Fuzzy Hash: 502e5d65c4c97b3c8f8e6590fcdc3f94c99cf0ff0ad021bfd8d07ec6783a3e85
                    • Instruction Fuzzy Hash: 3A412271948311ABC720EB6CDC44B5B7BE8BF95B54F44882AF948D3294EB30DA04CBD2
                    Function 0196C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                    Download Yara Rule
                    Strings
                    • @, xrefs: 0196C1F1
                    • PreferredUILanguages, xrefs: 0196C212
                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0196C1C5
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                    • API String ID: 0-2968386058
                    • Opcode ID: d84304ff89f554b107df35f010635f258a1bd0ac30ff04d1e3c3e9a6527eecc5
                    • Instruction ID: 345c38d5e9f9a04bcf1cf2193ad0fb074c3cdf71bc9f35d684490181368c432b
                    • Opcode Fuzzy Hash: d84304ff89f554b107df35f010635f258a1bd0ac30ff04d1e3c3e9a6527eecc5
                    • Instruction Fuzzy Hash: A7416271E0020AEBDF11DAD8C881FEEBBBCAB14705F14416AFA49E7240D774DA44CB61
                    Function 01944144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                    • API String ID: 0-1373925480
                    • Opcode ID: 78426f5ec8409861a1b7097d7dc3cfd85dd272b0aa07c2f5df5d2e3af718a20a
                    • Instruction ID: ce5ed83a6f85af340839f7e62f882e2897d135b98344dfb1eaacd0c05116fe66
                    • Opcode Fuzzy Hash: 78426f5ec8409861a1b7097d7dc3cfd85dd272b0aa07c2f5df5d2e3af718a20a
                    • Instruction Fuzzy Hash: B9411571A006488FEB26DBD8C840FADBBB8FFA5740F14045ADA09FB791E7359A01CB11
                    Function 01934755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                    Download Yara Rule
                    Strings
                    • minkernel\ntdll\ldrredirect.c, xrefs: 01934899
                    • LdrpCheckRedirection, xrefs: 0193488F
                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01934888
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                    • API String ID: 0-3154609507
                    • Opcode ID: feedbe8f7bb2e71f2d8bbc1831490f64c903ab0b19d408d06e293d5d8003b038
                    • Instruction ID: a7f5e60b9a2c7c741a3d613b90fae6a6f7c4ef005e37750606abf300143526bd
                    • Opcode Fuzzy Hash: feedbe8f7bb2e71f2d8bbc1831490f64c903ab0b19d408d06e293d5d8003b038
                    • Instruction Fuzzy Hash: 3A419E32A147519FCB22CE69D840A27BBE8AFC9B51B070569ED5DD7351D730E800CBD2
                    Function 018C0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                    • API String ID: 0-2558761708
                    • Opcode ID: 02a54669ec5bc5141abab0aba1779bc27dfc832f39ebe8c1e2fd40ecb1ccf64f
                    • Instruction ID: 586c0827dff8a6a0e2728d9b24027b79fbc8a2de9658fc77ccb9b8795e13bf98
                    • Opcode Fuzzy Hash: 02a54669ec5bc5141abab0aba1779bc27dfc832f39ebe8c1e2fd40ecb1ccf64f
                    • Instruction Fuzzy Hash: 4411023539410ADFEB29DA18C480F76B3A4EF82F56F1A801DF00ACB299DB30D981C741
                    Function 019320DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                    Download Yara Rule
                    Strings
                    • LdrpInitializationFailure, xrefs: 019320FA
                    • Process initialization failed with status 0x%08lx, xrefs: 019320F3
                    • minkernel\ntdll\ldrinit.c, xrefs: 01932104
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-2986994758
                    • Opcode ID: 551bcc5caae4bcfb1cc0b657d946e5b86f7c588b63ecd92f9225c06468a0584c
                    • Instruction ID: 726bde9819d048128ac1677d51d08a9b091369ec159818bad7e9f85cc4086a7e
                    • Opcode Fuzzy Hash: 551bcc5caae4bcfb1cc0b657d946e5b86f7c588b63ecd92f9225c06468a0584c
                    • Instruction Fuzzy Hash: 03F0C835640308BBEB24E74CCD46FA67B6CFB80B54F540059F704BB285D2B0A644C691
                    Function 018C03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: #%u
                    • API String ID: 48624451-232158463
                    • Opcode ID: 6f30c849c171fc05974b5c5fcac706ea2437bfa00ef8223b990db8773b777839
                    • Instruction ID: 31b20ca472e0c6473e451037e185c2117440968cc8dd8e4bb81866c3e7e6d971
                    • Opcode Fuzzy Hash: 6f30c849c171fc05974b5c5fcac706ea2437bfa00ef8223b990db8773b777839
                    • Instruction Fuzzy Hash: 3D714B71A0014A9FDB05DFA8C990BAEBBF8FF58744F144069E905E7251EB34EE41CBA1
                    Function 018BA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                    Download Yara Rule
                    Strings
                    • LdrResSearchResource Enter, xrefs: 018BAA13
                    • LdrResSearchResource Exit, xrefs: 018BAA25
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                    • API String ID: 0-4066393604
                    • Opcode ID: 4b54acfd2b1e62fbaa055bffc54d0d4a5117416b5597d6507aff813b837bafc3
                    • Instruction ID: f0e1bfca3e8073c5dbf9363d7265f2e8c060ce4fb16024cd02c399f3391b8c3f
                    • Opcode Fuzzy Hash: 4b54acfd2b1e62fbaa055bffc54d0d4a5117416b5597d6507aff813b837bafc3
                    • Instruction Fuzzy Hash: 3DE17E71E0021DAFEB26DF99C980BEEBBB9BF44314F10442AE915E7355D7349A80CB60
                    Function 0197A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: `$`
                    • API String ID: 0-197956300
                    • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                    • Instruction ID: ff53965e9b02c789276c1599e82d46d2fb8f347558fccf25f8f7e6f0f534bebb
                    • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                    • Instruction Fuzzy Hash: 5EC1D0312043429BEB25CF28C845B6FBBE9AFD4719F084A2DF69ACB290D775D505CB42
                    Function 0192E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID: Legacy$UEFI
                    • API String ID: 2994545307-634100481
                    • Opcode ID: 9fbaa9f3f1f3c7f3a4b94921ee464cbe51daf58cd9fc2b06a9691d1d33d1bf50
                    • Instruction ID: c1f8807a552185160d65880efd5410636a704ffd17005d582fe33cf4af99b222
                    • Opcode Fuzzy Hash: 9fbaa9f3f1f3c7f3a4b94921ee464cbe51daf58cd9fc2b06a9691d1d33d1bf50
                    • Instruction Fuzzy Hash: 7F615C71E002299FDB15DFA9C880BAEBBB9FB44700F14446DE649EB295D771A900CB51
                    Function 019543D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$MUI
                    • API String ID: 0-17815947
                    • Opcode ID: 8915a6cc3d3307cd2617ab77abb90b9e47753605588760e7d86ccb2c0e2b4175
                    • Instruction ID: a3b050f767e37b0943f0b96aa1cd0491dc7ac085418a94d70d8b31f6ae1526ba
                    • Opcode Fuzzy Hash: 8915a6cc3d3307cd2617ab77abb90b9e47753605588760e7d86ccb2c0e2b4175
                    • Instruction Fuzzy Hash: E5512871E0021DAEDF51DFA9CC84AEEBBBDEB44754F100529EA15FB290E6309E45CB60
                    Function 018B04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                    Download Yara Rule
                    Strings
                    • kLsE, xrefs: 018B0540
                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018B063D
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                    • API String ID: 0-2547482624
                    • Opcode ID: b56c5f9720e371ddac6cc87c6936c4c39bb4bbd866ac3fe1bf26ce6de19a05b2
                    • Instruction ID: 6df1f5d946d592292f6a079863906dff593c38c5518077d8bef17f5ae06a0187
                    • Opcode Fuzzy Hash: b56c5f9720e371ddac6cc87c6936c4c39bb4bbd866ac3fe1bf26ce6de19a05b2
                    • Instruction Fuzzy Hash: 705188715047468BD724EF68C4806E7BBF4AF85304F10883EFAAAC7741E770A645CB92
                    Function 018BA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                    Download Yara Rule
                    Strings
                    • RtlpResUltimateFallbackInfo Exit, xrefs: 018BA309
                    • RtlpResUltimateFallbackInfo Enter, xrefs: 018BA2FB
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                    • API String ID: 0-2876891731
                    • Opcode ID: 212517a513571673808981829fa87ecc97e3f6ed24b9fc4a15e26c0871b7e7d9
                    • Instruction ID: fdb37b9beb916ee38d6e9d251127ffd45b58997edddf0bb6c580b792bf6417e1
                    • Opcode Fuzzy Hash: 212517a513571673808981829fa87ecc97e3f6ed24b9fc4a15e26c0871b7e7d9
                    • Instruction Fuzzy Hash: 0B41E230A05649DBDB19DF5DC880BAEBBB8FF89704F244069E904DB395E375DA40CB41
                    Function 018EA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID: Cleanup Group$Threadpool!
                    • API String ID: 2994545307-4008356553
                    • Opcode ID: f87c11ec936dd6461cc974da4f2a7482566904757c4ea97d43e287a35dd59ab7
                    • Instruction ID: 5a6dd513bea736dc0c80532f0070fdb849a80e99bde65e11e16b7bc8db0a40db
                    • Opcode Fuzzy Hash: f87c11ec936dd6461cc974da4f2a7482566904757c4ea97d43e287a35dd59ab7
                    • Instruction Fuzzy Hash: CA01D1B2244704AFD311DF14CE49B1677E8FB86B15F058979A658C71A0E334DA04CB46
                    Function 018BC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: MUI
                    • API String ID: 0-1339004836
                    • Opcode ID: 14798fd81e01fedfdf33193e4042a745b108c956bc4a0c7b337742e918231138
                    • Instruction ID: 2e2303680e74f006bb91ac11c093b4d7c5084bf2dfd1798318c87b6c0cb1d18f
                    • Opcode Fuzzy Hash: 14798fd81e01fedfdf33193e4042a745b108c956bc4a0c7b337742e918231138
                    • Instruction Fuzzy Hash: 64825975E002199FEB25CFA9C8C0BEDBBB1BF48314F14816AE959EB351D734AA41CB50
                    Function 01936420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: ab343d623765d790c743db7932e32cb4bb2427b12ffbb956d7e30a4306108770
                    • Instruction ID: 3a37d2b7a0262eda4301ab8eae74b303fb592c2eb54297d5d5a12a0c716e5392
                    • Opcode Fuzzy Hash: ab343d623765d790c743db7932e32cb4bb2427b12ffbb956d7e30a4306108770
                    • Instruction Fuzzy Hash: 119162B1A00219BFEB21DB99CC85FAE7BB8EF55B50F154065F604EB190D674EA00CBA1
                    Function 0195E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: ceabd355b473c80dc204b525b44a520900a4400f08fb585dee73d3594d00cdac
                    • Instruction ID: 5f348765fc38d49bbe09a3785e86ecff307093c4ed79fddd30352223ab92042c
                    • Opcode Fuzzy Hash: ceabd355b473c80dc204b525b44a520900a4400f08fb585dee73d3594d00cdac
                    • Instruction Fuzzy Hash: 81919172901609AFDB26EBA9DC44FAFBB79EF85740F100019F909B7251E7359A01CB51
                    Function 018EA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: GlobalTags
                    • API String ID: 0-1106856819
                    • Opcode ID: 5c9aac2df57ff768e94b57f6b982a78ef4a0c2d0117cdf28eeebaca7c82d9651
                    • Instruction ID: a431afcec5df68d7309f773db32bd1f81517b429d592bc117c4656b3c4cfa2c6
                    • Opcode Fuzzy Hash: 5c9aac2df57ff768e94b57f6b982a78ef4a0c2d0117cdf28eeebaca7c82d9651
                    • Instruction Fuzzy Hash: A6718075E0032ACFDF28CF9CD580AADBBB5BF48701F14812EE909A7645E7709941CB50
                    Function 01954978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: .mui
                    • API String ID: 0-1199573805
                    • Opcode ID: 7397b8ec2658ca4469c9781790222297b2cd3b1134d48889e8423fa0064c5243
                    • Instruction ID: 6452b3421898af06959d17375d80c5139cb9705e5686d2274334dae24bce745b
                    • Opcode Fuzzy Hash: 7397b8ec2658ca4469c9781790222297b2cd3b1134d48889e8423fa0064c5243
                    • Instruction Fuzzy Hash: 90518672D0022A9BDF95DFADD844AEEBBB4AF04B14F054129EE15F7340E7349941CBA4
                    Function 018CE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: EXT-
                    • API String ID: 0-1948896318
                    • Opcode ID: e8f1bac9b3d82a01e213a792219eef4575032c9ca26c173e794dfce4b597039c
                    • Instruction ID: c9919deb83f900b0df3d1dd26f3e2b39a37e8135b5123213dc2146372640097d
                    • Opcode Fuzzy Hash: e8f1bac9b3d82a01e213a792219eef4575032c9ca26c173e794dfce4b597039c
                    • Instruction Fuzzy Hash: EF4185725093069BD721DA79C984B6FBBE8AF88B18F44092DF684E7140EB74DB04C797
                    Function 0192C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: BinaryHash
                    • API String ID: 0-2202222882
                    • Opcode ID: 18290be982a1f22c97ac0813a313158f12952ccacf4f5f613fc147bc564e192c
                    • Instruction ID: eec14ea9f1fc9b62d4d5e12ed3cd147dc253c97bd1787473c7e3cf7c510441ed
                    • Opcode Fuzzy Hash: 18290be982a1f22c97ac0813a313158f12952ccacf4f5f613fc147bc564e192c
                    • Instruction Fuzzy Hash: A74143B1D0052DABDB21DA54CC84FDEB77CAB44714F0085A5EB0CAB140DB709E898FA5
                    Function 019307C3 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: dcu
                    • API String ID: 0-171892573
                    • Opcode ID: 189f5bc8c6275492769f3a62b9b9e05fa9478b9ae809d3531193f56b6b4591ed
                    • Instruction ID: 7ad54fa110e5b7d8f3ebf87de3cef2896ec697d978fc6d934bac77a3a694db49
                    • Opcode Fuzzy Hash: 189f5bc8c6275492769f3a62b9b9e05fa9478b9ae809d3531193f56b6b4591ed
                    • Instruction Fuzzy Hash: FC418A72A08301ABD720DF29C844B9BBBE8FF88764F044A2EF598D7250D7709904CB92
                    Function 01946B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: #
                    • API String ID: 0-1885708031
                    • Opcode ID: 06cd81ef064d8051617dd1c0bae23dac52561f8ee32a8385996c150584ae4362
                    • Instruction ID: 6d35e9bea5f6f3022cf8c1836c538149e4a0a0d39a646da2893b8f365f6de9be
                    • Opcode Fuzzy Hash: 06cd81ef064d8051617dd1c0bae23dac52561f8ee32a8385996c150584ae4362
                    • Instruction Fuzzy Hash: FD312671E007199BEB22CF6CC850FAE7BA8DF06705F10402CEA48AB282C775ED05CB94
                    Function 0192CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: BinaryName
                    • API String ID: 0-215506332
                    • Opcode ID: dee0ccbbdb713b3c3a9b76fcecc46bd2cdf184c419e97c339fdd40023a385c94
                    • Instruction ID: 332bf3a65a01d7714056468b3c17225255c4a04b6214a949ac0174bc3df28aff
                    • Opcode Fuzzy Hash: dee0ccbbdb713b3c3a9b76fcecc46bd2cdf184c419e97c339fdd40023a385c94
                    • Instruction Fuzzy Hash: 7431063690052AAFEB16DB5DC855E7FBB78EF80760F018129E909A7250D730EE04DBE1
                    Function 0193892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                    Download Yara Rule
                    Strings
                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0193895E
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                    • API String ID: 0-702105204
                    • Opcode ID: 655d215f359eee8726de99b83331248cbb3563635bb449e21c0b1ff0790426e2
                    • Instruction ID: faa992d9e3a4db793dfcf7484b9d33315ef5a3abba4832eb115d51978b97dec5
                    • Opcode Fuzzy Hash: 655d215f359eee8726de99b83331248cbb3563635bb449e21c0b1ff0790426e2
                    • Instruction Fuzzy Hash: 2701F735304201ABE6206A599CC4B9A7B69FFC1755B45062CFA4956251CB206C45C7D3
                    Function 01952000 Relevance: .8, Instructions: 757COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5a04679e6c4544695fd9103d52d0058d9dd156659b1d2b99de865ac0060484e9
                    • Instruction ID: 61ccff7a77cfb514691037d7897421ae20cb9691b978b1cbb59223382272d963
                    • Opcode Fuzzy Hash: 5a04679e6c4544695fd9103d52d0058d9dd156659b1d2b99de865ac0060484e9
                    • Instruction Fuzzy Hash: 4542C336608341DBD765CF68C890A6FBBE9BF88740F08492DFE8AA7250D770D945CB52
                    Function 01948158 Relevance: .6, Instructions: 617COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b3f5e781ffd5547c133c6501afe1908238fa217165890ed0af4c48572a5a239d
                    • Instruction ID: b51d271eba0f7726f6e6959f6815760e8ef375c9db6ed6ec6fd9ccff4532e003
                    • Opcode Fuzzy Hash: b3f5e781ffd5547c133c6501afe1908238fa217165890ed0af4c48572a5a239d
                    • Instruction Fuzzy Hash: DC426D75E002199FEB25CFA9C881BADBBF5BF88301F148199E94DEB242D7349981CF50
                    Function 018C2840 Relevance: .6, Instructions: 605COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d753544978296b81f3c78f45c49bb4b02acb33e47dd1666263ff5c9a90005015
                    • Instruction ID: 4fa40db88e08227b11dc303d376204416e7155bb3265a8a9408e0b14cd01594c
                    • Opcode Fuzzy Hash: d753544978296b81f3c78f45c49bb4b02acb33e47dd1666263ff5c9a90005015
                    • Instruction Fuzzy Hash: 30321270E007598FEB25CF69C844BBEBBF6BF84704F14451DD88A9B288D7B4A985CB50
                    Function 0195A118 Relevance: .6, Instructions: 591COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 35133b5c60c17ab8febceda588726a820a8bcd462b27e01d6c960ce309cea1c8
                    • Instruction ID: 9f01e8c9be6b99f59c6a77b7a30ebb2ed0afb1a7b363c568313495252a70f4f0
                    • Opcode Fuzzy Hash: 35133b5c60c17ab8febceda588726a820a8bcd462b27e01d6c960ce309cea1c8
                    • Instruction Fuzzy Hash: 5622D2706046518FEBA5CF2DC050B76BBF5BF44345F088A59DD8AAF286E335D442CB68
                    Function 018D8DBF Relevance: .6, Instructions: 554COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a37fc1e7d937b1d4a74690cd3152647699fe6ffd9a2698bbd38cb97b15b9a7f8
                    • Instruction ID: 9ea732a1534c62fd68021d416a028824df61f82a5031f8e22657976801c04d24
                    • Opcode Fuzzy Hash: a37fc1e7d937b1d4a74690cd3152647699fe6ffd9a2698bbd38cb97b15b9a7f8
                    • Instruction Fuzzy Hash: 32226E70E0021ADBCB15CF99C4809BEFBF6BF45714B54809AE959DB245E734EE81CBA0
                    Function 018B6A50 Relevance: .5, Instructions: 548COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2cad5992563ade8e931fcc3cbde5f58140bfe021f97007658ace93f527d24768
                    • Instruction ID: 3d8c18d6635bdc49cfe9a4bc750a868d7535e0ac3549378efa924a966ba1864f
                    • Opcode Fuzzy Hash: 2cad5992563ade8e931fcc3cbde5f58140bfe021f97007658ace93f527d24768
                    • Instruction Fuzzy Hash: 79329C71A04209DFDB25CF68C480BAABBF5FF48304F244569EA5AEB395E734E941CB50
                    Function 018D4A35 Relevance: .4, Instructions: 423COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                    • Instruction ID: 3565c9dd274e0a0846b0d71c72482786516d80c35d1209d7c3503cdcf81885cb
                    • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                    • Instruction Fuzzy Hash: 80F18F70E0030A9BDB15CFA9C580BAEBBFABF48714F088169E905EB755E774D941CB60
                    Function 0194892B Relevance: .4, Instructions: 386COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2b4192a55afe83d818b07aa789f03acf6ab32b3f1dbd252feddea97f126fa907
                    • Instruction ID: 57d6023764c0f7ee80a2189c8041bad3f87c17273d3c0bdf0cebbc0c6dd5ec5f
                    • Opcode Fuzzy Hash: 2b4192a55afe83d818b07aa789f03acf6ab32b3f1dbd252feddea97f126fa907
                    • Instruction Fuzzy Hash: 4DD11071E0060A8FDF09CFA8C841EFEB7F5AF88305F188529D959E7241E735E9028B60
                    Function 018B65D0 Relevance: .4, Instructions: 383COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6bafd88a0b70765a21c106b1c15de27208917f3dd5ce8aeccf720bae4524206f
                    • Instruction ID: d6ad8d5f8f49828d5ac4cd9562d1e1417bccf23dd62a0d00da3ef12144ae6a13
                    • Opcode Fuzzy Hash: 6bafd88a0b70765a21c106b1c15de27208917f3dd5ce8aeccf720bae4524206f
                    • Instruction Fuzzy Hash: CFE17E71508346CFC715CF28C0D0AAABBE1BF89318F158A6DE599C7351EB31EA45CB92
                    Function 018A8397 Relevance: .4, Instructions: 380COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ee6970a6d5d72c813b8ee6dd1f950ac83a46789a30ea1a080e63f2bdfe552282
                    • Instruction ID: 71da427971593032b8d3fabe01f92368307f558cefb890d83f3581b745c9d480
                    • Opcode Fuzzy Hash: ee6970a6d5d72c813b8ee6dd1f950ac83a46789a30ea1a080e63f2bdfe552282
                    • Instruction Fuzzy Hash: B7D1F471A0060A9FEB15DF28C880FBA7BB5FF5531AF44452DE916DB280EB34DA50CB61
                    Function 01938243 Relevance: .3, Instructions: 322COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                    • Instruction ID: 77adc250da13b5056326eff9975137eff362a28dd438465d5a9c069851e3a175
                    • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                    • Instruction Fuzzy Hash: CDB17E74A00609AFDF24DB99C944EABBBB9FFC4344F10456DBA1AD7790DA34E909CB10
                    Function 018C0535 Relevance: .3, Instructions: 300COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                    • Instruction ID: 4ee570b2d5e8ed1170edc7f55f00de799328c2a8543225282f4ed3824c7e4b43
                    • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                    • Instruction Fuzzy Hash: F2B1173560064ADFDB15CBA8C850BBEBBFAAF88704F154158E655D7385D730EE81CB50
                    Function 018B83C0 Relevance: .3, Instructions: 281COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4386cb1f8ced6dbb03c1ccd4e5ab1a65cde17fafb698c304cabc90d2dc232126
                    • Instruction ID: 79925c3ab6500fcc97e01b7074ad68852d711f345a1fcfb043f93fecbaa6df91
                    • Opcode Fuzzy Hash: 4386cb1f8ced6dbb03c1ccd4e5ab1a65cde17fafb698c304cabc90d2dc232126
                    • Instruction Fuzzy Hash: A6C157745083458FE764DF18C484BABB7E8BF88304F44496DEA89C7391E774EA44CB92
                    Function 018AC427 Relevance: .3, Instructions: 280COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a2ef3b081e40d2ac1230c1973d57da51e86dcc523fcc1b12506e002713d1747e
                    • Instruction ID: 2dccd103b7de3a391aecf9265c0b7c5063aa068fe2ab500e2c0a627cd2ed4a96
                    • Opcode Fuzzy Hash: a2ef3b081e40d2ac1230c1973d57da51e86dcc523fcc1b12506e002713d1747e
                    • Instruction Fuzzy Hash: E5B17370A002598BEB65CF58C890BA9B3B5FF44704F4485E9E54AE7281EB34DE85CB61
                    Function 018DE5E7 Relevance: .3, Instructions: 278COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d9e9e21839b7512b8701543341b1d1db962d7d122844e131c388f5d7417a93c5
                    • Instruction ID: 3c1dd961cf7536aec25b56b271efa2799567c1efbc9ad36b160b0075b8dea3cf
                    • Opcode Fuzzy Hash: d9e9e21839b7512b8701543341b1d1db962d7d122844e131c388f5d7417a93c5
                    • Instruction Fuzzy Hash: C1A11431E0471D9FEB22DB9CC844BAEBBA8BF00714F050125EA15EB295D7789E85CBD1
                    Function 018F0185 Relevance: .3, Instructions: 276COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5af90bbd8cbe9819fbc297396ed5dde481d8e50aecee4f6b9bba60a2606eb24c
                    • Instruction ID: 339c1d0ef559adc06ef4f75233fe04442b38d53b90884f58a29bf9bac10c0ff8
                    • Opcode Fuzzy Hash: 5af90bbd8cbe9819fbc297396ed5dde481d8e50aecee4f6b9bba60a2606eb24c
                    • Instruction Fuzzy Hash: 53A1D470B0062A9FDB25CF69C890BAAB7E6FF54319F14402DEB05D7282DB34EA11C750
                    Function 01984500 Relevance: .3, Instructions: 275COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: af67a133d77808c7d741f1d1d409c6156e2fd782653c323e86a0a7878bb933f7
                    • Instruction ID: 35be274c520e6a9d5f1e85be541765b207a25b75020b178d838439ee537f8a1f
                    • Opcode Fuzzy Hash: af67a133d77808c7d741f1d1d409c6156e2fd782653c323e86a0a7878bb933f7
                    • Instruction Fuzzy Hash: 0CA1CC72A14212EFC722EF18C980B5ABBE9FF58705F45492CE589DB651D334ED01CB92
                    Function 019360E0 Relevance: .3, Instructions: 264COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c777324b51680249e185bf8092797e93fa628c03d1ffecceb922f65ce1a892d2
                    • Instruction ID: 31d55a9a0e6c7e6b3ed7081524b0965ce928aa24b56c15664bd1b53667762c76
                    • Opcode Fuzzy Hash: c777324b51680249e185bf8092797e93fa628c03d1ffecceb922f65ce1a892d2
                    • Instruction Fuzzy Hash: DF918471E0021ABFDB15CFA8D884BAEBFB9AF89710F154159E614EB341D734DB009BA0
                    Function 018CE3F0 Relevance: .3, Instructions: 261COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5fe893a59755301eb1c849ded240962dfbb2e80dcb7ff3bbcf6e6c2b2d28bad1
                    • Instruction ID: 18b7ea4de006b1bd0940dbe4159c6a56ed3ff267d2fc1e706afc00f300b2fbe8
                    • Opcode Fuzzy Hash: 5fe893a59755301eb1c849ded240962dfbb2e80dcb7ff3bbcf6e6c2b2d28bad1
                    • Instruction Fuzzy Hash: 54910632A0061ACBEB24DB5CC484B79BFA6EF94B18F05406DFD09DB285E634DA41C792
                    Function 01906ACC Relevance: .2, Instructions: 226COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 92f461a0644910a9365b93231c4d89e2e1cdaf89c38c5897288709c9b6aaab3b
                    • Instruction ID: 85d2b5f80723320ddf4b5c0c37faf4878d90e1633651fd0559e1a39c4630c7b9
                    • Opcode Fuzzy Hash: 92f461a0644910a9365b93231c4d89e2e1cdaf89c38c5897288709c9b6aaab3b
                    • Instruction Fuzzy Hash: 398182B1E006169FDB25CF69C940ABEBBF9FB48700F04852EE549E7680E734D951CBA4
                    Function 0197AB40 Relevance: .2, Instructions: 222COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                    • Instruction ID: 62b348d6596108aec58136591dfdbb116acba07daa0245b04dba01205a39538f
                    • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                    • Instruction Fuzzy Hash: DE816F71A0020A9FDF19CF99C890ABEBBB6FF84311F1C8569D91A9B385D734E901CB54
                    Function 018EE284 Relevance: .2, Instructions: 212COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5f951ae97dc5f55d57d402bcce39397383276e1fbe80a021294947b707602f9c
                    • Instruction ID: aa32259cc912b46eb1fff97508f60cb52e3f6211e3f354b1d831f0450118c867
                    • Opcode Fuzzy Hash: 5f951ae97dc5f55d57d402bcce39397383276e1fbe80a021294947b707602f9c
                    • Instruction Fuzzy Hash: C8817D71A00619AFDB25CFA9C884BEEBBFAFF48314F104429E559E7250D730AD45CB60
                    Function 018CC640 Relevance: .2, Instructions: 206COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e8c3864081aa554cd27dd9d57c17e1c796f094a011586974809f2d6d21c63400
                    • Instruction ID: d3b437b06670325fc18b56decfe1191f540db7ef5783c22596803a51f1bb0c49
                    • Opcode Fuzzy Hash: e8c3864081aa554cd27dd9d57c17e1c796f094a011586974809f2d6d21c63400
                    • Instruction Fuzzy Hash: D071DE79D04229DBCB25CF59C990BBEBBB4FF48B10F54411EE94AAB354D730A944CBA0
                    Function 019647A0 Relevance: .2, Instructions: 202COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 57930a83b3d9391d7353cab13c7d0573af0c236863bd4fe510df8166ec8b9894
                    • Instruction ID: 37b6061633da9596eaa39930975dfe1f9f1a5cb98689687a8cdbc052c2dcd939
                    • Opcode Fuzzy Hash: 57930a83b3d9391d7353cab13c7d0573af0c236863bd4fe510df8166ec8b9894
                    • Instruction Fuzzy Hash: 2871A270904205EFDB24DFE9C944A9EBBFDFF91741F48415AE618AB298C731C944CBA4
                    Function 018C260B Relevance: .2, Instructions: 201COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9ebd965f4dfb7dcc52398eab3df14cfc75c5e917bea25ded4668ce054837d3a0
                    • Instruction ID: a2009fb2a181ae06098dd9563fb6d9309e06f4224075a951fd0fa505528af003
                    • Opcode Fuzzy Hash: 9ebd965f4dfb7dcc52398eab3df14cfc75c5e917bea25ded4668ce054837d3a0
                    • Instruction Fuzzy Hash: 5C71C1356046428FD312DF2CC480B6AB7E6FF84714F0485A9E899CB396DB74DE46CBA1
                    Function 0193035C Relevance: .2, Instructions: 198COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                    • Instruction ID: 80abed6973ce8f5b3a2bb581f1de9aaa642ba3912e8894ca80e039b56fd76136
                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                    • Instruction Fuzzy Hash: 95716071A00619EFDB11DFA9C944EDEBBB9FF98700F144569E909E7290DB34EA01CB50
                    Function 019462A0 Relevance: .2, Instructions: 198COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 31d84054c95efb945b34008a2ba9842d7d756f486594e14750f5cbd7c5da9631
                    • Instruction ID: 345b9468c1fe87893c9fc6a9c9df9d79af2b858c1d7f32fa7b446095dfffddd0
                    • Opcode Fuzzy Hash: 31d84054c95efb945b34008a2ba9842d7d756f486594e14750f5cbd7c5da9631
                    • Instruction Fuzzy Hash: 6471F3B2200701AFEB32DF18C844F5ABBFAEF45B21F15491CE65A872A0D775E944CB50
                    Function 018B8AA0 Relevance: .2, Instructions: 197COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3ed17e95dcbbd2f5aac3938158e6d9b0bca212e2ccc9b093e6e8e4ec06714d96
                    • Instruction ID: 490ac426072c15dfa4fd7189f3c5bf16b3849ca1de611c5f66624e8ee1bde09e
                    • Opcode Fuzzy Hash: 3ed17e95dcbbd2f5aac3938158e6d9b0bca212e2ccc9b093e6e8e4ec06714d96
                    • Instruction Fuzzy Hash: 8181C271A0830ACFDB28DF98D484BAD77B9BF49314F69452DD904AB385C774AE81CB90
                    Function 018ECDB1 Relevance: .2, Instructions: 197COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a22975208a7717f94296e4609f3ebf6fd2eaed3bc66fad70b66ea764bdb445f2
                    • Instruction ID: c7eac137782474462f7a882bfa342cf9897817d89df62f45eb54cccf91adf389
                    • Opcode Fuzzy Hash: a22975208a7717f94296e4609f3ebf6fd2eaed3bc66fad70b66ea764bdb445f2
                    • Instruction Fuzzy Hash: 6361EF71E002169FCB19DF6CC884AAEB7F9FF09314F108169E616EB295DB31DA01CB90
                    Function 018DEDD3 Relevance: .2, Instructions: 166COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4b487b9e29c6e0d40c3728b5f50424b6d6e91feb7daad9f6c2ce3a1f2966032b
                    • Instruction ID: d14c759ec9bb94b35fa08e1f8189e7605dc9ac4c6ceda1a7b45b916d9b2d87ad
                    • Opcode Fuzzy Hash: 4b487b9e29c6e0d40c3728b5f50424b6d6e91feb7daad9f6c2ce3a1f2966032b
                    • Instruction Fuzzy Hash: C951BB712007499FDB21EF5DC884A6BB7A9BB54709F50482DE106CBA51CB74EA88CB91
                    Function 01978DAE Relevance: .2, Instructions: 162COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 17c5edc7232ef5c890e5e214427b4415151badcdc93b89dec21656196dab250f
                    • Instruction ID: f8261c051b70bcd17d12bd3fe93c72f4058d8d4cdfd959c1d46a0d3340d54957
                    • Opcode Fuzzy Hash: 17c5edc7232ef5c890e5e214427b4415151badcdc93b89dec21656196dab250f
                    • Instruction Fuzzy Hash: 2D51D3716047029FD711DF28C844BAABBE9FF84351F04892CFA89D7290D734E909CB96
                    Function 01958350 Relevance: .2, Instructions: 161COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6e8a0a784a43416834926717ddbd0b4e98d1442ad9760255c642569a3ed741e4
                    • Instruction ID: a1778a7b3d2ac33e49a89f0ee0c9b4051560f9131b7cde5814e9ac59e2275235
                    • Opcode Fuzzy Hash: 6e8a0a784a43416834926717ddbd0b4e98d1442ad9760255c642569a3ed741e4
                    • Instruction Fuzzy Hash: EC51E170900705DFD761DF5AC884A6BFFF8BF94B10F104A1EEA5AA76A1C770A541CB50
                    Function 018EE443 Relevance: .2, Instructions: 158COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2b3eea7ceb2395359fc94f7a0a2791a54ec6a150352deaae5a0068a43743b2e8
                    • Instruction ID: 5dc7df593539817aa889781599c6f496bc777a3dc66dad7f30110fe8f1039f9f
                    • Opcode Fuzzy Hash: 2b3eea7ceb2395359fc94f7a0a2791a54ec6a150352deaae5a0068a43743b2e8
                    • Instruction Fuzzy Hash: 11517831200A15DFCB22EF69C984EAAB3F9FF15788F40442DEA46C7261E734EA41CB51
                    Function 01954180 Relevance: .2, Instructions: 156COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4e0693d42d8870fcdcdbdbbafc4123c8321d5b953c7f9a26ab856413b25d5739
                    • Instruction ID: 062311897b00650051010ca13fa77d43ad9d45e190f1c4924cddbef378193287
                    • Opcode Fuzzy Hash: 4e0693d42d8870fcdcdbdbbafc4123c8321d5b953c7f9a26ab856413b25d5739
                    • Instruction Fuzzy Hash: DB517B716083028FD794DF29D980A6BB7E9BFC8304F44492DF989D7261E730DA45CB92
                    Function 018D45B1 Relevance: .2, Instructions: 156COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                    • Instruction ID: 430d6159a4bc3b0cd1a06bb05a7fbf38af10b72ac4c17f562c8c933dbd768741
                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                    • Instruction Fuzzy Hash: 51518B71E0021EABDF15DF98C440BEEBBB9AF45754F15806AEA05EB640D734DE44CBA0
                    Function 0193E9E0 Relevance: .2, Instructions: 154COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                    • Instruction ID: c836cb3a881efb68ecdcf9c7372ecfa33ad7b1cb7017dbac107ebcc93d4a04e6
                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                    • Instruction Fuzzy Hash: D051CA31D0020EEFEF16DF95C880FAEBB79AF80315F154655D61AA7190D7309E408BA1
                    Function 01978B28 Relevance: .2, Instructions: 152COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ac6f91ef6ef3dfea80f26bd1cc244a94ae47d5ff39f5204068c14ffff22d63a2
                    • Instruction ID: 40460ef730c2225e52140c9ae5b67937270d77559b4bfa6dead97fec40364c50
                    • Opcode Fuzzy Hash: ac6f91ef6ef3dfea80f26bd1cc244a94ae47d5ff39f5204068c14ffff22d63a2
                    • Instruction Fuzzy Hash: 2441D571B01611ABE729DB2DC898F7BBB9EEFD0621F0C8619E95D87280DB34D801C791
                    Function 0193CBF0 Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 73d38028aa9aa1b6b0f1e265b11ec6f2c88ffb82b99234fca0b383c9e328be4e
                    • Instruction ID: 0a769e820a7dee47c8a26c8deb685dfdc73001a928c6105957eb5a6a867ee020
                    • Opcode Fuzzy Hash: 73d38028aa9aa1b6b0f1e265b11ec6f2c88ffb82b99234fca0b383c9e328be4e
                    • Instruction Fuzzy Hash: 5F518E72900616DFCB20DFADC98499EBBB9FF88315B55491AE519B7300D734AE01CBD1
                    Function 018EA430 Relevance: .1, Instructions: 139COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0d937b0d2be4407a3877b4459486bf4dd95d727033e25feab7c5e663da8f9165
                    • Instruction ID: cccc6554def45479adf4163c7a4a700d65003f6f8459ea8aad3974d913553d03
                    • Opcode Fuzzy Hash: 0d937b0d2be4407a3877b4459486bf4dd95d727033e25feab7c5e663da8f9165
                    • Instruction Fuzzy Hash: C14125716442069BDB29EFAC98C4B6A37A4FF96B1CF41002CFE06DB245D7719A04C7D1
                    Function 0197A9D3 Relevance: .1, Instructions: 139COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                    • Instruction ID: 0381bdcfebfd82256216160e78fdc9e5bc61e5b8e63e7430aca0f8eca994f198
                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                    • Instruction Fuzzy Hash: 5441F9726007169FD729DF28C984A6FB7AAFF90311B09462EE95A87240EB30FD14C7D1
                    Function 018E01F8 Relevance: .1, Instructions: 138COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fce7195049d38c887b06889660390a4a21e8e23c07089e5e233f9794e7dc2aa3
                    • Instruction ID: 35a5d355ab18ffe5bd9021cfc8eab67dee2dcb3bb4801cf9912366ef9f0fe424
                    • Opcode Fuzzy Hash: fce7195049d38c887b06889660390a4a21e8e23c07089e5e233f9794e7dc2aa3
                    • Instruction Fuzzy Hash: 9241DE32A01219DBDB12DF98C444AEEB7F4BF4A714F14852AF819F7240D7B49E42CBA4
                    Function 018DEBFC Relevance: .1, Instructions: 138COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1d7e14958bab5030de17125f5d8cc618d147fcb6db8a8c37f49f3608b912d885
                    • Instruction ID: 7fe42343e97faac278e606a092762d39fa734e6b6e035beb7031966d1afb024c
                    • Opcode Fuzzy Hash: 1d7e14958bab5030de17125f5d8cc618d147fcb6db8a8c37f49f3608b912d885
                    • Instruction Fuzzy Hash: 1941E3712143099FD720EF2CC884A2BB7E9FF88318F44482DE55BCB255DB35E9498B51
                    Function 018F2750 Relevance: .1, Instructions: 137COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                    • Instruction ID: 59a411e2c83133c0e14549ea24f17391e270eeffe2f34aab5f08a5e3798ec84b
                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                    • Instruction Fuzzy Hash: C3516A76A00625CFCB15CF98C480AAEF7B6FF84B10F2481A9D919A7755D730EE42CB90
                    Function 018B6154 Relevance: .1, Instructions: 133COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 85af04963861515fe9d38f9e0e581d105c31ab02caeb78c4b2a894939914685f
                    • Instruction ID: d11bd191873f65b7c0b3472594477af92b5645475e71b1f2cfcfc417e2af238e
                    • Opcode Fuzzy Hash: 85af04963861515fe9d38f9e0e581d105c31ab02caeb78c4b2a894939914685f
                    • Instruction Fuzzy Hash: 5B51C47090021A9BEB25DB2CC844BE8BBB5FF15314F1882A9E529D73D1E7359AC1CF81
                    Function 018B0BCD Relevance: .1, Instructions: 130COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 13a893eb7db54182d077548ea39c704b75318c7a5220ec6a14045c4acc59c05b
                    • Instruction ID: 8eb25a3c4c9ce5afb5feafdb580be37422a505facf3116a4aa03bdfe3740f582
                    • Opcode Fuzzy Hash: 13a893eb7db54182d077548ea39c704b75318c7a5220ec6a14045c4acc59c05b
                    • Instruction Fuzzy Hash: F4417031A002299FDB22DF6CC980BEA77B8EF45750F0504A9E908EB281D774DF84CB91
                    Function 0197866E Relevance: .1, Instructions: 129COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                    • Instruction ID: 2d057e1dfee5d3a55fe4cdce31d2ca9c459ebbf63e1c32d1e22d843b081a3ea4
                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                    • Instruction Fuzzy Hash: DD41C475B10205BBDF15DF99CC89AAFBBBEAF88600F144069E909E7341D670DE00C7A0
                    Function 018B0887 Relevance: .1, Instructions: 128COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 83dd5db5d81d1b3b31d9bd45951acccb9adc62fd2f6f07257cb6255e035c49d3
                    • Instruction ID: b9ec4564d465cc0378f21f04396e39c0f223341b88937a07a5cad97b51331c00
                    • Opcode Fuzzy Hash: 83dd5db5d81d1b3b31d9bd45951acccb9adc62fd2f6f07257cb6255e035c49d3
                    • Instruction Fuzzy Hash: D041BFB16007069FE325CF28C880A67B7F9FF49314B148A6DE55AC6B51E731EA45CB90
                    Function 018DA470 Relevance: .1, Instructions: 127COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f2b540751e13afb583e96f2278a0e0431d5281109cb7c9ce7f891cf104d4b2b1
                    • Instruction ID: 3adc2b8a4a7891c07c734dfe0093437734b7813409731cdfb81a03e99914345d
                    • Opcode Fuzzy Hash: f2b540751e13afb583e96f2278a0e0431d5281109cb7c9ce7f891cf104d4b2b1
                    • Instruction Fuzzy Hash: 0941CE32944309CFDB29DFACC4847AD7BB5BF54324FA80199E411EB295DB749A44CBA0
                    Function 018B8BF0 Relevance: .1, Instructions: 124COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7fbf9138c42e7eccdf2c4fd3df18c7bbd3a23d7e157e1d0500848219ecf87b93
                    • Instruction ID: 9dece9fe18897b84bc96e659d08a6f2f88bebd2e2aaec6447d4e5430f4eb6d7b
                    • Opcode Fuzzy Hash: 7fbf9138c42e7eccdf2c4fd3df18c7bbd3a23d7e157e1d0500848219ecf87b93
                    • Instruction Fuzzy Hash: BA412372A0420ACBD7249F4CC880A9ABBB9FF95704F69802ED510DB355D775EA42CFD0
                    Function 018A8918 Relevance: .1, Instructions: 123COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: be99889eed3a7cfc79a254398f8691fed1ba4df5797d626fd5bd962664dd3ad3
                    • Instruction ID: ea40df5336dc6993d5c1c7f3dd4d081476765192920bbe4499e6573fadf3539a
                    • Opcode Fuzzy Hash: be99889eed3a7cfc79a254398f8691fed1ba4df5797d626fd5bd962664dd3ad3
                    • Instruction Fuzzy Hash: 19417B315083069FE312DF69C840A6BF7E8AF84B54F84092EFA84D7250E730DE058BA3
                    Function 018AA020 Relevance: .1, Instructions: 122COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                    • Instruction ID: 2eeaf51359087b049ddf9e3b374c81e34c79393fbf28d62d36e527ec20c4f4a6
                    • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                    • Instruction Fuzzy Hash: DE41A035A00215DFFB1AEE1C8440BBABB75EB50755F55806EEB4ACB680D6338F40CB91
                    Function 018B09AD Relevance: .1, Instructions: 122COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 66b918b1d7e1f99d2d57f8b44abe5d1edd26912b397f184294e3301938324d56
                    • Instruction ID: 719922961b034f74aa5091d2b28711d7feb902b4e380d56a3d98049c0bd20661
                    • Opcode Fuzzy Hash: 66b918b1d7e1f99d2d57f8b44abe5d1edd26912b397f184294e3301938324d56
                    • Instruction Fuzzy Hash: 13416C71A00605EFD721DF18C880B66BBF5FF58714F248A6AE449CB391E771EA42CB91
                    Function 018E0710 Relevance: .1, Instructions: 121COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                    • Instruction ID: e8256972e39d1a1375f782ce85163611b7c9af3cabc3177afaf952e3b3f241b4
                    • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                    • Instruction Fuzzy Hash: E2413871A00609EFDB24CF98C994AAABBF5FF19700B10496DE596DB291D370EA44CF90
                    Function 018B262C Relevance: .1, Instructions: 119COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a14a31cb69b58e3612f278e9e5acf8570a1f89033e45f45ea8845e125f81a009
                    • Instruction ID: 8f0f9d61c86c661255f5fc8b9f9f1f3f011bd6d156aadca786db3358934575d1
                    • Opcode Fuzzy Hash: a14a31cb69b58e3612f278e9e5acf8570a1f89033e45f45ea8845e125f81a009
                    • Instruction Fuzzy Hash: 1D419D71901705CFCB22EF2CC980AA9B7B6FF95314F1481A9C41ADB3A1DB30BA45CB56
                    Function 018EC8F9 Relevance: .1, Instructions: 116COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 77b921e8cb3447c195e2dbb35f732265522111db083111ede8908faa25331528
                    • Instruction ID: 4d9d8acb142b2b8c494e6e09a060bc5a2d66ed5b7b8f439bda504078da32c600
                    • Opcode Fuzzy Hash: 77b921e8cb3447c195e2dbb35f732265522111db083111ede8908faa25331528
                    • Instruction Fuzzy Hash: 583169B1A01345DFDB12DFA8D040799BBF4FB49724F2081AED119DB291D3369A02CB90
                    Function 019305A7 Relevance: .1, Instructions: 111COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8cdf2ddbd6c2953e93047c370cba32e74b51952fe90494154878e7706dc5e607
                    • Instruction ID: 65bb6d902b1fc588d1bca0ebba030842ab1c21217d9b9c4f2cfa95bf959a2523
                    • Opcode Fuzzy Hash: 8cdf2ddbd6c2953e93047c370cba32e74b51952fe90494154878e7706dc5e607
                    • Instruction Fuzzy Hash: 9041A0726046429FD320DF6CC840A6AB7E9FFC8704F184A2DF999D7680E730E905C7A6
                    Function 018B4859 Relevance: .1, Instructions: 111COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b22cda1de496c94279b7eda4ce6badb8489d70ac6aa7c45aee5640c759a8a794
                    • Instruction ID: 7d66cbafc963c782f075d4a6a2a0e08db49a103fe79242fcefda1fd00b6543e6
                    • Opcode Fuzzy Hash: b22cda1de496c94279b7eda4ce6badb8489d70ac6aa7c45aee5640c759a8a794
                    • Instruction Fuzzy Hash: 1F41A0302043069BD725DF1CD8C5B6ABBA9AF80754F14442DEA46CB3A2DB30DA45CB92
                    Function 018C02E1 Relevance: .1, Instructions: 106COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                    • Instruction ID: 0097ff43c34f7b0edf3b065ccf0d9f20c8266c9e67c7ca28a187a9b4b32b8d22
                    • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                    • Instruction Fuzzy Hash: 84311531A04648AFDB118B7CCC84BDABFE9AF14794F0441A9F419D7352C774DA84CBA1
                    Function 0195E3DB Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1f1352db376b4503571750da1c63018aea25f011f3c8e104d2c79593e22f2582
                    • Instruction ID: d2e5a3fb50cceb99ad48b4b72601340f70b2007ecb845f94214026c93c5f2147
                    • Opcode Fuzzy Hash: 1f1352db376b4503571750da1c63018aea25f011f3c8e104d2c79593e22f2582
                    • Instruction Fuzzy Hash: B231AA75740706ABD722DF598C41F6FBAA9AB59F50F004028FA04FB291DA75DE01C791
                    Function 01964B4B Relevance: .1, Instructions: 104COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b259f2841332796d0f2aee5c85d66a42e281ce4d6d64fe763eebc68d3a422d7f
                    • Instruction ID: a5b2f6c8b74fb5256c382bbc065ae40cb6a954ae7eed5dc6dce2bbd2d14dd448
                    • Opcode Fuzzy Hash: b259f2841332796d0f2aee5c85d66a42e281ce4d6d64fe763eebc68d3a422d7f
                    • Instruction Fuzzy Hash: 1831D6326052018FC321DF6DD880E5ABBF9FF80361F49446EE9598B755D730E844CBA1
                    Function 018B4260 Relevance: .1, Instructions: 102COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 425babf8d814003e25b4c7920f0fa9973d7c1cc38ccc7a1aeea00267e6183037
                    • Instruction ID: c4ad3355f3b8455fea3adead32529525679bba6b057a02fd96aaacbabfe74030
                    • Opcode Fuzzy Hash: 425babf8d814003e25b4c7920f0fa9973d7c1cc38ccc7a1aeea00267e6183037
                    • Instruction Fuzzy Hash: 7141BE312007099FC722CF28C881FD67BE9AF59714F18882DE69ACB351CB35E984CB90
                    Function 01964BB0 Relevance: .1, Instructions: 101COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9424a7e7d89c64d44c571668390ba79f4e9a786999eb503b62d6e74997c4877c
                    • Instruction ID: 3bc6fb8ca15c8f7bc04f23babd9a60edbcdeec6d1086f11bd1a17da3e078505c
                    • Opcode Fuzzy Hash: 9424a7e7d89c64d44c571668390ba79f4e9a786999eb503b62d6e74997c4877c
                    • Instruction Fuzzy Hash: 07319E71A042018FD320DF68C880E6ABBE9FB84710F09496DF9599B394E734ED04CBA2
                    Function 0192EB1D Relevance: .1, Instructions: 100COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e11ca9574a4851814e644d030b0576f526eb1ea271f5e5bfbd3ff465592f193f
                    • Instruction ID: 43fc3e44113cd29ed386c489df08105a6f036ea58d3a31f86a335e95831a3614
                    • Opcode Fuzzy Hash: e11ca9574a4851814e644d030b0576f526eb1ea271f5e5bfbd3ff465592f193f
                    • Instruction Fuzzy Hash: 2531D4316016A29BF322979EC988F657BDCBB45B41F1D00A4EF499B6D5DB38D841C221
                    Function 019761C3 Relevance: .1, Instructions: 97COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: db01281400da738044c03b5500f21771396b4ed72668b4fc93ae8074dd22ff7a
                    • Instruction ID: d7716904a8c01ef2e158c9d209c5f3376b053af7ecb9d68d483d42a5b5ab9b6e
                    • Opcode Fuzzy Hash: db01281400da738044c03b5500f21771396b4ed72668b4fc93ae8074dd22ff7a
                    • Instruction Fuzzy Hash: 3A31DE76A0061AEBEB15DF98C840BAEB7B9EF48B40F454169E904EB244D770ED00CBA4
                    Function 0195483A Relevance: .1, Instructions: 96COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 535119b377e7c593d986c6e1e39d982ac0cd87365946bf2bfefdd1cb3669e2bf
                    • Instruction ID: 5a89d1cc093aef8d16ad5721f32cef7315724b50d270342ebb6aa46a0336854f
                    • Opcode Fuzzy Hash: 535119b377e7c593d986c6e1e39d982ac0cd87365946bf2bfefdd1cb3669e2bf
                    • Instruction Fuzzy Hash: 92316376A4012DABCF61DF58DC85BDEBBB9AB98750F1000A5E90CE7250DA30DE91CF90
                    Function 018DEB20 Relevance: .1, Instructions: 96COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6fa17501db6edaf267202e1deda98ea6cf2fac29322238f1af0871aa6192e63d
                    • Instruction ID: 3a0a10e02a7fb7099367dfb28003f089ad82aa34a046160a0c3d617670558675
                    • Opcode Fuzzy Hash: 6fa17501db6edaf267202e1deda98ea6cf2fac29322238f1af0871aa6192e63d
                    • Instruction Fuzzy Hash: C531A672E0031DAFDB21DEADC840AAEBBB8EF44750F014425E915EB250D670AB408BA1
                    Function 019760B8 Relevance: .1, Instructions: 95COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 120f461782d9f81d9887cffae487cda17cacc7d7b583d7bf2e81eee67331d075
                    • Instruction ID: 80a7f6f93aa6d4027f223c1851c1d1b049b2b0e11434614ce3c18ec428e4a175
                    • Opcode Fuzzy Hash: 120f461782d9f81d9887cffae487cda17cacc7d7b583d7bf2e81eee67331d075
                    • Instruction Fuzzy Hash: 5B318471B00A06EFEB129FADD850B6AB7B9BF84754F05406DE509DB352DA70ED018B90
                    Function 018B07AF Relevance: .1, Instructions: 95COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 25cf296ea7b78842d460dcc7a8271c4aa25bd5c6029bc9e41959b9f93644c99a
                    • Instruction ID: e75cc5b01e1ec369ee4e895dd59fc93412f78e3a91fbf2762d0f144db344e63d
                    • Opcode Fuzzy Hash: 25cf296ea7b78842d460dcc7a8271c4aa25bd5c6029bc9e41959b9f93644c99a
                    • Instruction Fuzzy Hash: 0C31C572A04716DBC712DE288CC0AABBBB5AF94750F014529FD59EB311DB30EE1187E2
                    Function 018B8550 Relevance: .1, Instructions: 94COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ab3d5dc05376f80a2ddb2e8a3973cc20b773a9fcfe42fba2440f003dbe192486
                    • Instruction ID: b8b03f5c74fa91265629dc523fd650fc59cc415dc70da657e74d608a44c507cf
                    • Opcode Fuzzy Hash: ab3d5dc05376f80a2ddb2e8a3973cc20b773a9fcfe42fba2440f003dbe192486
                    • Instruction Fuzzy Hash: 19318D716093018FE720DF19C880B6ABBE9FB98700F154A6DF988DB355D770EA44CB92
                    Function 018EA6C7 Relevance: .1, Instructions: 92COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                    • Instruction ID: c69ef3d08c5a633907c37b7b730838c98e8d30f4ec0306fdc6df1545146d5c2f
                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                    • Instruction Fuzzy Hash: DD3129B2B00B11AFD765CF6DDD44B57BBF8BB09B50F04492DA99AC3650E630EA00CB61
                    Function 0195EBD0 Relevance: .1, Instructions: 91COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7046d238f9181b978429e3f518cbcc890c142b0723a352dbf0e9635f048d0268
                    • Instruction ID: 44d7a03b443a99b79a48b93e85a8e14804459f694aa7cd90be5b1863302fb841
                    • Opcode Fuzzy Hash: 7046d238f9181b978429e3f518cbcc890c142b0723a352dbf0e9635f048d0268
                    • Instruction Fuzzy Hash: 1A31A9719093018FC711DF19C54085AFBF5FF89615F4449AEE88CAB251D732DA49CBD2
                    Function 018D438F Relevance: .1, Instructions: 89COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f39026406e4ec455367141d2de6b1c9b4e4688735f0fd39de45c3357d9a80661
                    • Instruction ID: c93a79c4c1e85b976fd1fd39db91d9685fbc53e7a00974e0de4859122c6e95c3
                    • Opcode Fuzzy Hash: f39026406e4ec455367141d2de6b1c9b4e4688735f0fd39de45c3357d9a80661
                    • Instruction Fuzzy Hash: 0E31F431B0130A9FDB20DFACC9C0A6EBBFAAF94744F008529D506D7A55D730EA85CB91
                    Function 018ACB7E Relevance: .1, Instructions: 89COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                    • Instruction ID: aca31852833d501b6801e1f016d57df6989f860494b772081cbcc27e7e57d55c
                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                    • Instruction Fuzzy Hash: 97210632E4025AAFEB11DBB98800BEFBBB9AF14740F0580359E59E7340E370CA0087E1
                    Function 018AC156 Relevance: .1, Instructions: 88COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8ba8a72a75bac976949efab249fb5f5962d3a4f2a2250da6d53877a4d3289db9
                    • Instruction ID: 2089515afc6ec25c5aa49f0868bb9a75edd465691a09cbd47734c4450f075c9b
                    • Opcode Fuzzy Hash: 8ba8a72a75bac976949efab249fb5f5962d3a4f2a2250da6d53877a4d3289db9
                    • Instruction Fuzzy Hash: 1631F9B25003018FD722AF9CCC45BB977B8AF51714F988169E949DB3C2DA74DA86CB90
                    Function 0196C3CD Relevance: .1, Instructions: 88COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                    • Instruction ID: 3fe68b1e3b714a2a8f082089a22ce8e30271c6435024910c463c6bc3aab0e781
                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                    • Instruction Fuzzy Hash: 69212D3660065666CB15EB998C00EBABBBCEF80B50F40801EFAD9C7651E635DA50C371
                    Function 018AE420 Relevance: .1, Instructions: 88COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d1f5ab9c73cb25487d21ec89946acb902485a6ae4c7673e39efea5153490873b
                    • Instruction ID: d3c2cc67de20dd131e185be752467003b88a6b4c5c9dd4ba319e52caa2beed10
                    • Opcode Fuzzy Hash: d1f5ab9c73cb25487d21ec89946acb902485a6ae4c7673e39efea5153490873b
                    • Instruction Fuzzy Hash: 3131D432A0192C9BEB31DF18DC81FEE77B9AB15740F4104A5E645E7290E674AF808FA1
                    Function 018E4588 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                    • Instruction ID: f0fd0737a025d40a75f6196d43f4b68a64635d803f0750013fb8e92e55052a73
                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                    • Instruction Fuzzy Hash: 03219F32A00609EBDB11CF58C984A8EBBF5FF49724F108469EE19DB251D674EB058F90
                    Function 018E44B0 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f635e6dfe2fc7f7b09bc77a43781f52e0a2e5cc8588f2d87c6ce2194d4c215e8
                    • Instruction ID: a9fc8b34087f71427dd44ddf45c5461df4751851be73196d6fb6de2d878edda1
                    • Opcode Fuzzy Hash: f635e6dfe2fc7f7b09bc77a43781f52e0a2e5cc8588f2d87c6ce2194d4c215e8
                    • Instruction Fuzzy Hash: A221BD726047469BCB22CF18C884B6BB7E4FB8D760F114529FD58DB641D734EA018BA2
                    Function 018AE388 Relevance: .1, Instructions: 86COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                    • Instruction ID: 67c638897bcf7e9a9d10b6ac8c8feb375c7f81a9e233eca6ee38ca7a8bb8f64c
                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                    • Instruction Fuzzy Hash: 00318D31600608EFE721CBA8C884F6AB7F9EF45354F1049A9E556CB280E734EE01CB51
                    Function 0192E609 Relevance: .1, Instructions: 86COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5a1858cef990db9f6e0a9fbd3dd9e2ae78ced2521cfdf6474fa873a13cbe3cba
                    • Instruction ID: 30630dfba3f55fbc02e4a8aa0417108ee4fdc4cb1aca2582476f00143cbfff87
                    • Opcode Fuzzy Hash: 5a1858cef990db9f6e0a9fbd3dd9e2ae78ced2521cfdf6474fa873a13cbe3cba
                    • Instruction Fuzzy Hash: 7A31A075A00216DFCB25CF1CC884DAEB7B6FF88304B194459F8099B395EB71EA45CB91
                    Function 019306F1 Relevance: .1, Instructions: 79COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 50f922bab14a8f44d9cf50e833bd71e8f55b052c856997eb504f653c8c641eaa
                    • Instruction ID: 74ca4fae340e8132aaa01f5959703f77a824ff45417ba074a2b410daf2c4ec32
                    • Opcode Fuzzy Hash: 50f922bab14a8f44d9cf50e833bd71e8f55b052c856997eb504f653c8c641eaa
                    • Instruction Fuzzy Hash: A4219171A001299BCF11DF59C881ABEB7F8FF48740B554069F945E7250D738AE42CBE1
                    Function 0193019F Relevance: .1, Instructions: 78COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 31689c3a7c50fc81e37a18e968067656f5c610912029a659cd95fe489bfaa9bb
                    • Instruction ID: ffed9910e064f21f3e6fb434973063493b1c48e19ea8a29ae570efd9a28941e3
                    • Opcode Fuzzy Hash: 31689c3a7c50fc81e37a18e968067656f5c610912029a659cd95fe489bfaa9bb
                    • Instruction Fuzzy Hash: EB21A171600645AFD715DB6CC840F69B7B8FF98740F144069F904D7691D634EE41CB94
                    Function 01930283 Relevance: .1, Instructions: 74COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9310a24c544ed5b174f2a55557afd42e37235bf804e353a763a9c942c341bc4a
                    • Instruction ID: 444d80bcda2affc9d65d89b86ab50ea70dd1db8da49a503c1ce9b2f2238c586e
                    • Opcode Fuzzy Hash: 9310a24c544ed5b174f2a55557afd42e37235bf804e353a763a9c942c341bc4a
                    • Instruction Fuzzy Hash: FE219D729043469BD711EB6DC844B9BBBDCAFD1740F0C445ABE88C7251D734DA09C7A2
                    Function 018D2835 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 934522bc4a3f403b4b9c18fd424a5c5b8f3a00ce8d799592a8b2c5c225fe1b20
                    • Instruction ID: 7d1c48cb6066c580579492b0003a34fe48cbc10cbeacf4d51682fd9bc7a66526
                    • Opcode Fuzzy Hash: 934522bc4a3f403b4b9c18fd424a5c5b8f3a00ce8d799592a8b2c5c225fe1b20
                    • Instruction Fuzzy Hash: B1210831605BC99BF323576C8C45B653B95AF41B74F2803A4FA34EB6E2DB6CCD428251
                    Function 018EA30B Relevance: .1, Instructions: 70COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1ebb00a078155513952b5e6521ab7842bc40d59713518a76af3ccc894e034afb
                    • Instruction ID: 9976c57f45fb0efff74f9413cd6456462524a126f2625013a446ca515c662a31
                    • Opcode Fuzzy Hash: 1ebb00a078155513952b5e6521ab7842bc40d59713518a76af3ccc894e034afb
                    • Instruction Fuzzy Hash: 9D217975200A519FCB29DF29C901B56B7F5BF48B48F24846CE909CBB61E371E942CB94
                    Function 01930946 Relevance: .1, Instructions: 70COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2286c719959f80fd1b7343b5da6507d2e97ff6dbf8a898675992861a4c07f713
                    • Instruction ID: 5f186944da5fa45fccb2ccf6f292a4ab0d5f44d00b64094ecf2269cc05f74fb6
                    • Opcode Fuzzy Hash: 2286c719959f80fd1b7343b5da6507d2e97ff6dbf8a898675992861a4c07f713
                    • Instruction Fuzzy Hash: 5921EBB1E00209ABDB14DF9AD8809AEFBF8FF98711F14012FE509E7250D7709A45CB90
                    Function 019480A8 Relevance: .1, Instructions: 69COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                    • Instruction ID: 9692d732b10702c9bb41b485103c7786d46697b4a6a86ab2affc5f49ce00a776
                    • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                    • Instruction Fuzzy Hash: 8B218E72A00209EFDF229F98CC40FAEBBB9FF88710F20481AF905A7251D734D9519B50
                    Function 018E0124 Relevance: .1, Instructions: 68COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                    • Instruction ID: 10ca4a213a140d2e78e36a507bb08d9d14c60405c4678d751442f6d20abc432d
                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                    • Instruction Fuzzy Hash: 0411E272601A05BFE7269B48CC84F9ABBB8EB81B54F100429F604CF180D6B1EE44CB65
                    Function 018B8770 Relevance: .1, Instructions: 68COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4f81b009d7046e374c39eac7bdadc42a19c4779af8ce00b7a3fbed7ea8d906f2
                    • Instruction ID: 3ffe7dc314d615ce29f66ec6035bc5dc6fe1df9f23d88c59094242c5176425dc
                    • Opcode Fuzzy Hash: 4f81b009d7046e374c39eac7bdadc42a19c4779af8ce00b7a3fbed7ea8d906f2
                    • Instruction Fuzzy Hash: 4711B2317016159BDB11CF4DC4C0A9ABBEDEF8B719B1840ADEE08DF304D6B2DA028794
                    Function 018EAAEE Relevance: .1, Instructions: 68COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                    • Instruction ID: 734437cd329ffa23fe683d78a6597bf2ab72ced4684a7186f219207fa34b575d
                    • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                    • Instruction Fuzzy Hash: 34217772600645DFDB298F49C548A66BBE6EBD6F50F14893DE94ACBA10C731EE01CB80
                    Function 018B80E9 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e50c4d9c6316b20f099450ebcc89ea87ae0f020d7ee5319cff652f5d23db364e
                    • Instruction ID: d6abe029b7d8edec7c663e65ca21c31261975184e29d2fcf96425c2ec356c37a
                    • Opcode Fuzzy Hash: e50c4d9c6316b20f099450ebcc89ea87ae0f020d7ee5319cff652f5d23db364e
                    • Instruction Fuzzy Hash: B4219D31A0160ADFCB14CF98C580AAEBBB9FB89718F24416DD105AB311CB71AE06CBD0
                    Function 0040A9E3 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2310694962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_400000_PO No.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 73351bebe4a757055e573fc56bfdf585adce22d4cc16eceb27a0fbf5b3d906b5
                    • Instruction ID: c79646c41a7b9a2f75cf4af04a38e79a3505e8bf750d236a472815ac6483e6e5
                    • Opcode Fuzzy Hash: 73351bebe4a757055e573fc56bfdf585adce22d4cc16eceb27a0fbf5b3d906b5
                    • Instruction Fuzzy Hash: 97115C719482499FDB01CFA8C5416EEBFB0FB8A214F0841A6D889E72C2E6359522CBC1
                    Function 018E674D Relevance: .1, Instructions: 65COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 234d600b50448346f78c095ddfb1f0a7645e93953fe3078e69e2122bdfac1d7b
                    • Instruction ID: 4993c1bddf39dc79fb434760c1519dcb7aaa886b58f4d8dc51dd95282ee29f0f
                    • Opcode Fuzzy Hash: 234d600b50448346f78c095ddfb1f0a7645e93953fe3078e69e2122bdfac1d7b
                    • Instruction Fuzzy Hash: 87218C71600A01EFD7208F68C880B66B7E8FF55750F54892DE5AAC7250EA70EA40CBA1
                    Function 018DE8C0 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c7e590e01dd0c28c4b57a8c34de73d1a2e973a233af5bebad4ea6cbe4a2e2ef9
                    • Instruction ID: 41a32d916d7b28cd9f32a73ae4347492e2783ee56227e5d323bdc161823fcb6c
                    • Opcode Fuzzy Hash: c7e590e01dd0c28c4b57a8c34de73d1a2e973a233af5bebad4ea6cbe4a2e2ef9
                    • Instruction Fuzzy Hash: C5114C32300218ABCB19CB28CC80E6BB796EBD1374B284528D92ACB280D930D906C691
                    Function 01946870 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 63c59e311b3cb521dbfd7abdc765779ab65c7777c73fdd7de99ac618d536e620
                    • Instruction ID: 909c69c1fdbde213cadfb7a6fbeddc7f1b7c70acf8fb10717d9bce1a6687813a
                    • Opcode Fuzzy Hash: 63c59e311b3cb521dbfd7abdc765779ab65c7777c73fdd7de99ac618d536e620
                    • Instruction Fuzzy Hash: A011E3B6240604EFD722DB5DC940F9A77A8EF96B54F014028F209DB261DAB0E901CBD0
                    Function 018E66B0 Relevance: .1, Instructions: 61COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f07e7640504b05103f5747dcb3d797790d8c42b64233a5404f4d98e757c05c4d
                    • Instruction ID: 91daeb27bef219f0391cbe5e36c5a6c649a5610a949a6496682d42955b715fc4
                    • Opcode Fuzzy Hash: f07e7640504b05103f5747dcb3d797790d8c42b64233a5404f4d98e757c05c4d
                    • Instruction Fuzzy Hash: CA11BC76A41205DBCB25CF59C984A5ABBE9AFA6710F26817DE905DB310FA30DE00CB90
                    Function 0197A8E4 Relevance: .1, Instructions: 61COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                    • Instruction ID: 13c2908d8b5dda5530ef1bd38b7ac4918d52759b079a8e9474cd7cae955a6394
                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                    • Instruction Fuzzy Hash: 2D11B236A00915AFDB19CB58CC05A9DBBB5EF84210F098269E859A7340E675AE51CB90
                    Function 018B0AD0 Relevance: .1, Instructions: 61COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                    • Instruction ID: 50b7549d5ab5f4b509028963af26e312a1e9ed795d85e1022a18b817488dffba
                    • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                    • Instruction Fuzzy Hash: BC21E3B5A00B059FD3A0CF29C480B52BBF4FB48B10F10492EE98AC7B40E371E914CB94
                    Function 0193E7E1 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                    • Instruction ID: eb4cb95590b79be75895e433bbace5a461266d20764715ed7783df9ceb2a1b7f
                    • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                    • Instruction Fuzzy Hash: 64119E32E00605EFEB219F48C840B56BBE9EBC5755F058428EA0D9B2A0DB31ED40DB92
                    Function 018D27ED Relevance: .1, Instructions: 58COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8a3ab9e82fd9efc7ad199f86e14c7e2c8b4f1d4553370dcb80ce0087cc7419b9
                    • Instruction ID: e64533dff88ad274a53e0e7aeaf71f9b957ee568bcf32d1e4362262b77de6d16
                    • Opcode Fuzzy Hash: 8a3ab9e82fd9efc7ad199f86e14c7e2c8b4f1d4553370dcb80ce0087cc7419b9
                    • Instruction Fuzzy Hash: 09014971746789AFE316A26EDC84F677B9DEF80755F450075F904CB240DA24DD00C2B2
                    Function 018B4690 Relevance: .1, Instructions: 57COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 29551508dd35779fbba403dcbe488370fa022f36c43191239e4082c4f928960f
                    • Instruction ID: b1f076782373eaba58ed3605cb8f56b0a34a0745efc2c326493d12ff3ddc2caa
                    • Opcode Fuzzy Hash: 29551508dd35779fbba403dcbe488370fa022f36c43191239e4082c4f928960f
                    • Instruction Fuzzy Hash: C8110236200649AFDB21CF5DC8C6F967BA4EB86B64F00411AF906CB352C770EA00CF64
                    Function 018E6620 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9fbe9e229c29effd32807560ac8f352c54461e99876a85f533b4879c520abbb5
                    • Instruction ID: cdad9db50eb2ac8dd6f87bb36d925b1820374214178267517635426f0fd63f63
                    • Opcode Fuzzy Hash: 9fbe9e229c29effd32807560ac8f352c54461e99876a85f533b4879c520abbb5
                    • Instruction Fuzzy Hash: 3611A072A10715ABDB229B5DC9C4B5EFBF8EF55750F640458DA04E7210E730EA018F90
                    Function 018DEA2E Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 399046a055e23e0561c8561c5e40b2600c33bf21ac536e439b0e04a9b005f267
                    • Instruction ID: 99702a132acbad937f50396aa8b6446ce5c806e33e74d907d5c21b34a5867f4c
                    • Opcode Fuzzy Hash: 399046a055e23e0561c8561c5e40b2600c33bf21ac536e439b0e04a9b005f267
                    • Instruction Fuzzy Hash: 5E01D2716002069FD325DF18E484F56BBF9EF91324F61816AE105CB265CB70ED46CBD1
                    Function 018DE53E Relevance: .1, Instructions: 55COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                    • Instruction ID: 2665648733dcc9c010d3973ec2c99f69c4cf33d1756e72c802f10d2844dc19e1
                    • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                    • Instruction Fuzzy Hash: CF11E9722017CE9BE723971CC544B653BA8AF00798F1900A0EE45DB642F33DC986C251
                    Function 0193E75D Relevance: .1, Instructions: 54COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                    • Instruction ID: 9d07c2f2b0df1a9b5bdcf9b0776a9a9df0ca972b072c9abb40cea67885d7a47d
                    • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                    • Instruction Fuzzy Hash: FF019236A00105AFEB229F5CC840F5B7AADEBC5B51F058424EA0A9B260E771DD40CB90
                    Function 018AA250 Relevance: .1, Instructions: 52COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                    • Instruction ID: ae008e29c49c23f46d28e3348d88df22d3b8e44b513c511b8ec49926f691a904
                    • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                    • Instruction Fuzzy Hash: 93014931504B269BDB358F19D840A327BF4FF55B60740852DFE95CBA81C331D620CB60
                    Function 0192E1D0 Relevance: .1, Instructions: 51COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c3b9401089e20dfc12032c532547012ed84b845a64f073bf1b0803595e713bbe
                    • Instruction ID: 6930ee89aa45058b7a328985ab44ffa5c74992d0e46dcdde61ef30bf5eb14969
                    • Opcode Fuzzy Hash: c3b9401089e20dfc12032c532547012ed84b845a64f073bf1b0803595e713bbe
                    • Instruction Fuzzy Hash: B911AD32241641EFDB15EF19CD80F56BBB8FF94B44F240069FA0ADB665C635EE01CAA0
                    Function 018B6259 Relevance: .1, Instructions: 51COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a4acdb95f43076d8d58c1f9ca016dd3d064c27854179e61dbb1b0840e7efdb7d
                    • Instruction ID: 3bf6fa79a14f6079c200219aa7a033a0935d1e1278357e1bc111419f5c939dfe
                    • Opcode Fuzzy Hash: a4acdb95f43076d8d58c1f9ca016dd3d064c27854179e61dbb1b0840e7efdb7d
                    • Instruction Fuzzy Hash: E911487164122DABEB25AF68CD42FE9B3B5BB04710F504198A718E61E0DA709B91CF85
                    Function 018E6DA0 Relevance: .1, Instructions: 51COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                    • Instruction ID: 3cfeb8b736dfeb381b918b5a33881054732b0e688907d1c1878418ac18e47b4b
                    • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                    • Instruction Fuzzy Hash: 7E01FC7160425767EF659B59C808B9F7FE4EB52B50F354019AA06DB2C0F774DA80C3E1
                    Function 018B208A Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                    • Instruction ID: 614519dfe2d4a127c2b086016bf5e7299de797ed7b845f6d2a317d4abad8fe42
                    • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                    • Instruction Fuzzy Hash: 6201B5326001118BDF269A5DD8C0B92776BBFC5704F5545A9ED05CF386DA71ED82C790
                    Function 01936050 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7290b2f643123ea103eed12fe7c6468a8a319c55976f047018fe0dcb8442a324
                    • Instruction ID: 93bbf9445cf0e340c2dd2eddcc865a48773a04e18e5e341010113a35b55611e3
                    • Opcode Fuzzy Hash: 7290b2f643123ea103eed12fe7c6468a8a319c55976f047018fe0dcb8442a324
                    • Instruction Fuzzy Hash: 2B110572900019ABCB11DB99CC84DDFBBBCEF58354F044166A906E7211EA34EA15CBE1
                    Function 01946500 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2fafed10e97ff4ac549220facee55e0615179079b59aa70cb92e1553dd21cadb
                    • Instruction ID: a3a01571ae781130ed0c77d095a9e3826c1492b2f5f5b94db438312581a83ecd
                    • Opcode Fuzzy Hash: 2fafed10e97ff4ac549220facee55e0615179079b59aa70cb92e1553dd21cadb
                    • Instruction Fuzzy Hash: C211A1726441469FD711CF58D800FA6BBB9FB5A314F088159E848CB315D732EC85CBE0
                    Function 0193C810 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b28910f89d2fef6b5ba4bda0ce4e32ff914d6af06b4e7be58e2ff0723ec0fa4d
                    • Instruction ID: 12c510c30b1bd626737a4916c8bc9a66a45909be749694cd6a639845bdc3c95c
                    • Opcode Fuzzy Hash: b28910f89d2fef6b5ba4bda0ce4e32ff914d6af06b4e7be58e2ff0723ec0fa4d
                    • Instruction Fuzzy Hash: 5F11E8B1A006099BCB04DFADD541AAEBBF8FF58350F10806AA905E7351D674EE01CBA5
                    Function 0195EA60 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 60e2dbe000f4d92ddc8b0f023550f8439723e91750381f0f658d4acec2c39b47
                    • Instruction ID: f52fbb0301282b3bbf0d509e22fbecedafd5062b1aad90a4448bd9cbdd388000
                    • Opcode Fuzzy Hash: 60e2dbe000f4d92ddc8b0f023550f8439723e91750381f0f658d4acec2c39b47
                    • Instruction Fuzzy Hash: FD019E315402119BCB62EF398440D7AFBAEFF51B91B44842EF949AB251CA32DA41CBD2
                    Function 018F20F0 Relevance: .0, Instructions: 49COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 76ddb3f5e029546f48bfe94e02e96d03e492b2b16ce9c76905424d58ff6789cf
                    • Instruction ID: 9b1268552a129495202c53202f50a7626d0c744c7b5317d547b4c6da904fa8a3
                    • Opcode Fuzzy Hash: 76ddb3f5e029546f48bfe94e02e96d03e492b2b16ce9c76905424d58ff6789cf
                    • Instruction Fuzzy Hash: 2E116D35A0120DEBCB05DF68C850BAE7BBAFB44754F104059EA05DB290DA35EE51CB91
                    Function 018AC020 Relevance: .0, Instructions: 49COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                    • Instruction ID: 178292337649f9e8a3150ce49264cd2fbae1114e68e4e68f422a3e413f90f274
                    • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                    • Instruction Fuzzy Hash: BB01B5321407099FEB2396ADC900FA777EDFFC5714F448819AA4ACB580DB75E602CB51
                    Function 018EE5CF Relevance: .0, Instructions: 49COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 47ddcd2fff7190d5e81c228dbf435f5a59bcbe405994502d10c7b77609e22397
                    • Instruction ID: 368487b101a4b5a4cabe49ccebff2607bd4fa855de36a6f9867161d7c1cb176d
                    • Opcode Fuzzy Hash: 47ddcd2fff7190d5e81c228dbf435f5a59bcbe405994502d10c7b77609e22397
                    • Instruction Fuzzy Hash: 53018F72201A16BBD311BB6DCD80E57BBACFB95BA4B040629B609C35A1DB34ED01C6E5
                    Function 019469C0 Relevance: .0, Instructions: 49COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 01c1784318de74421954db2a395572f3e240f6b980a80e60556de75ea761de89
                    • Instruction ID: a9da0b535170e8b9483cad99bc63b1cec2b9f24c6d337bbed4b2b59ee17d2a06
                    • Opcode Fuzzy Hash: 01c1784318de74421954db2a395572f3e240f6b980a80e60556de75ea761de89
                    • Instruction Fuzzy Hash: 5701FC722147029BC320DF6DD848DA7BBACFF55760F114529E95DC7280E7309905C7D1
                    Function 0193C460 Relevance: .0, Instructions: 48COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 361041333888c55d9f55e4335ac1d9ed4980f19909b0075a26e5e6f11f1585cb
                    • Instruction ID: cc60750c10843aff8317f2759b75077a98dec9df41c7da15de82cd7cc78c8564
                    • Opcode Fuzzy Hash: 361041333888c55d9f55e4335ac1d9ed4980f19909b0075a26e5e6f11f1585cb
                    • Instruction Fuzzy Hash: F4115B71A0120DABDB15EF68C844EAE7BB9EB88740F00405ABD05A7340DA35EA11CB90
                    Function 0193C97C Relevance: .0, Instructions: 48COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b9a7b5048cad671260ccc580842c70d62490682d2e575ec1ced40091d8cec96b
                    • Instruction ID: 205dca07154acd85f129b238857c71567b7e2fec3ba8a7b626703f500269c5ea
                    • Opcode Fuzzy Hash: b9a7b5048cad671260ccc580842c70d62490682d2e575ec1ced40091d8cec96b
                    • Instruction Fuzzy Hash: 961139B16197099FC700DF6DD441A9BBBE8EF98710F00891FBA98D7391E630E901CB96
                    Function 01984A80 Relevance: .0, Instructions: 48COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                    • Instruction ID: 191c23a6c34d2d52d118233f465cd139e8479501a231de71a59da62b1cdf5f06
                    • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                    • Instruction Fuzzy Hash: 7B01B1372006029FDB21AA6DD844F96FBEAFFC5610F044819E6468F650DAB0F841C794
                    Function 0193CA11 Relevance: .0, Instructions: 48COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1fbaef3220ee7e90bc96e1bc22c0e3f24c481f739fe4005b04c7c0460a1a33f1
                    • Instruction ID: 3c1dbcf6caef08bfca21347a98a874816f0e74348f1b7bc2d8db2f02870601c2
                    • Opcode Fuzzy Hash: 1fbaef3220ee7e90bc96e1bc22c0e3f24c481f739fe4005b04c7c0460a1a33f1
                    • Instruction Fuzzy Hash: 2F1157B16083089FC300DF6DC441A5BBBE8AF99750F00891FBA58D73A0E630E901CB92
                    Function 018CE016 Relevance: .0, Instructions: 46COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                    • Instruction ID: 38f2238ccdc14f15aafab9b41e009c4543e9435b7caa5e0fde5a91694c30626a
                    • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                    • Instruction Fuzzy Hash: E4017C322006849FE323861DC948F267BDCFB84B54F0904A5F909CBAE2D679DD40C661
                    Function 018A826B Relevance: .0, Instructions: 46COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7bfa6058b1acd5daffddf76ade3171ef79fe39e6e3ce05c59d83b493b7fdf4bd
                    • Instruction ID: 84649789f0158f9f043afa2c05313a57b2febf1f58e9938172eb687ade93035b
                    • Opcode Fuzzy Hash: 7bfa6058b1acd5daffddf76ade3171ef79fe39e6e3ce05c59d83b493b7fdf4bd
                    • Instruction Fuzzy Hash: CF01F732B00509DFE714EB69DC04ABEB7A9FF81310F8540299A05E7680DE30DE05C2A1
                    Function 0195EB50 Relevance: .0, Instructions: 46COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: c5982de4ebca06dac4837afc25e83e5134a63c44b3eba2d8e542ec96ba2368ad
                    • Instruction ID: a7791edc49b1ef29af6f7bee73f134ff8ab0698a6d056014164bfe05eef3165a
                    • Opcode Fuzzy Hash: c5982de4ebca06dac4837afc25e83e5134a63c44b3eba2d8e542ec96ba2368ad
                    • Instruction Fuzzy Hash: 0701DF71640702AFD3319B1AD841F12FAA9AF54F91F00082EB60A9B390C6B1DA408B94
                    Function 018B2582 Relevance: .0, Instructions: 45COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: faaf368ba64b5bfb3d59197f9831a8d5b2bca46cb9de81676a1c05f93c69c6a6
                    • Instruction ID: 531143485584889b423fb8158051c630600262e2287447b3d1028fa7b45df041
                    • Opcode Fuzzy Hash: faaf368ba64b5bfb3d59197f9831a8d5b2bca46cb9de81676a1c05f93c69c6a6
                    • Instruction Fuzzy Hash: 43F0A932741615BBC7329B5A8D80F577AAEEB84F90F154429B605D7740D630EE01CAA1
                    Function 018DC073 Relevance: .0, Instructions: 43COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                    • Instruction ID: 3730d1b4c38dd79a5890367ef36a5f1382a8ad9a8729a417f371dc88d2ee662b
                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                    • Instruction Fuzzy Hash: DBF0C2B2A00611ABD324DF4DDD40E57FBEADBD1B80F04812CE605C7220EA31EE04CB90
                    Function 018AC310 Relevance: .0, Instructions: 43COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                    • Instruction ID: 309e7ed76d8e122b47647df6e8fab238f7f12bd7f99639f60d4096553e476bac
                    • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                    • Instruction Fuzzy Hash: 2DF02B73204A379FF732565D8840B6BAA998FD1B64F9A0035F209DB240CB70CF0297D1
                    Function 018ECA6F Relevance: .0, Instructions: 42COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                    • Instruction ID: 0560bfd5a7c950323f52e5d8bc87eeac67e19275de249925251b7a6f7c0489a0
                    • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                    • Instruction Fuzzy Hash: 6701F4726006959BD322971ED809F99BBDCEF92B54F0C84A5FE08DB6A2D779CA01C211
                    Function 019861E5 Relevance: .0, Instructions: 41COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0d4e17f1f4b284d3885fb08cf0a5beb6577911ebf01eb0c0f8f540d9b8695a3f
                    • Instruction ID: 54ec0e41d0b33499c39b8d5c748a222647743b09e062b7ecfa48d0a808be7cac
                    • Opcode Fuzzy Hash: 0d4e17f1f4b284d3885fb08cf0a5beb6577911ebf01eb0c0f8f540d9b8695a3f
                    • Instruction Fuzzy Hash: 1B018F71A002499BCB00DFA9D541AEEBBF8BF58310F14405EE905EB290D734EA01CB95
                    Function 019363C0 Relevance: .0, Instructions: 41COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                    • Instruction ID: 94ee0da1ac79b711643a618e6b284b77633a48237e8d3b94743e017987bf725c
                    • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                    • Instruction Fuzzy Hash: 58F01D7220011DBFEF019F95DD80DEF7B7EEB99798B104125FA1592160D631DE21ABA0
                    Function 0193A4B0 Relevance: .0, Instructions: 40COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4e80c94f808886422395d506c8210560a6bc8d0f94294d19955fec5a4239a38d
                    • Instruction ID: e478cfdc2965d30f8c624fd70580b6158c05a6a2bfc702de6b6b44581247d7f7
                    • Opcode Fuzzy Hash: 4e80c94f808886422395d506c8210560a6bc8d0f94294d19955fec5a4239a38d
                    • Instruction Fuzzy Hash: 8A019A36200209ABCF129F84DC40EDE3F66FB8C754F068101FE19A6260C332D970EB81
                    Function 018AC0F0 Relevance: .0, Instructions: 39COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4b5e04c6a9865e6e3992e86cd2d917fb10d25fa7261437d409acb11da2d4309a
                    • Instruction ID: c11b41beb0833e3833f59664ac4a3185a5291270bcde6cf81a0e05dfbda4eefe
                    • Opcode Fuzzy Hash: 4b5e04c6a9865e6e3992e86cd2d917fb10d25fa7261437d409acb11da2d4309a
                    • Instruction Fuzzy Hash: B9F02E723047416BF760A6199C01B2232AAEBC0754FA5802AEB09CF7C1FB70FE0183A4
                    Function 018E656A Relevance: .0, Instructions: 39COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 826d668cf4a843c8f10d593468ef3f1e5bf01d1c196a3c99b0ac570de12d8a0e
                    • Instruction ID: 8191c34502e8f036d16e7f61673b96ae141cc13897e593fe8a9494f50ad5704f
                    • Opcode Fuzzy Hash: 826d668cf4a843c8f10d593468ef3f1e5bf01d1c196a3c99b0ac570de12d8a0e
                    • Instruction Fuzzy Hash: 5101A470304685DBF322972CCD4CF653BE8BB51B04F5941A4FA15DB6DAE728DA018611
                    Function 0195437C Relevance: .0, Instructions: 37COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                    • Instruction ID: 48ea740a275ebbb2dcfc5ff2edd0dfe49fc1611d4a1ce36c45877d24ed872cdc
                    • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                    • Instruction Fuzzy Hash: 96F0E931381A1347EBF5EB2E8520B2AA69D9F90E42B05053C9D09EB661FF30D8808790
                    Function 0193C89D Relevance: .0, Instructions: 36COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0c5088d270d90fb81e02310d9093c64dfbaebbb0f0c3b5caac4da6bb32a79a3f
                    • Instruction ID: 48234ff6fe72e7430c54c479d25c1f098008405bf40baafff4d39822085deb75
                    • Opcode Fuzzy Hash: 0c5088d270d90fb81e02310d9093c64dfbaebbb0f0c3b5caac4da6bb32a79a3f
                    • Instruction Fuzzy Hash: 0CF08C716097049FC310EF28C441A1AB7E4EF98710F404A5EB998DB390EA34EA01C796
                    Function 0193E872 Relevance: .0, Instructions: 36COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                    • Instruction ID: c0191bf5ea9157052f2b3a8920a263560af08425c3ebb8871c633d58a4cd5edf
                    • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                    • Instruction Fuzzy Hash: 69F08233F116129BE3319A4ECC80F56B7ACEFD5A60F190469AA089B260C760EC02C7D2
                    Function 018E0854 Relevance: .0, Instructions: 35COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                    • Instruction ID: 87afda456c68374a0f7bba3ea8d5ab6aaa1dd2186237d7a88098cd99b3d71ee4
                    • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                    • Instruction Fuzzy Hash: 14F02E72704205AFE724DB25CC04F86B6F9EFA9740F148878A948C72A0FAF0EE00C694
                    Function 0193C912 Relevance: .0, Instructions: 34COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6201ccb37f778d60f465c7ca95f02ccd3292025e6c32f96656736962048b650f
                    • Instruction ID: 02bd58ac6397fe34fa0cf26a2c0b21dc2f27b436071a83c4f8d16f80f8ad9e68
                    • Opcode Fuzzy Hash: 6201ccb37f778d60f465c7ca95f02ccd3292025e6c32f96656736962048b650f
                    • Instruction Fuzzy Hash: 67F06270A01249DFCB04EF69C515EAEB7B4FF58300F00805AB959EB385DA38EB01CB95
                    Function 018B47FB Relevance: .0, Instructions: 33COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 59caaec86aa1ad56c3a5d6b659d26651f25c852620ee8df8a0f326f41ba76d12
                    • Instruction ID: 2f91024e29ef5d6fd8b8417abe1ac2f066171b3875961af66cecb4c40731b28e
                    • Opcode Fuzzy Hash: 59caaec86aa1ad56c3a5d6b659d26651f25c852620ee8df8a0f326f41ba76d12
                    • Instruction Fuzzy Hash: D8F024319422E59FE732DB1CC0C5BA17BE4DB08724F08886AE58BC7703C724EA80C681
                    Function 01970115 Relevance: .0, Instructions: 32COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9415a184f3257f2b48f4b71b8511118e1c1e890240798ef8b73995605945ca99
                    • Instruction ID: 087502b1130af303fe0fc00d050bbc749d9d3a8bb35743746ce2f74cfcf20695
                    • Opcode Fuzzy Hash: 9415a184f3257f2b48f4b71b8511118e1c1e890240798ef8b73995605945ca99
                    • Instruction Fuzzy Hash: A9F0A77A4196854ACB326B3C74602D16F5CBFD3110F5D2445E4A957205C6749587C3A5
                    Function 018EC5ED Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f25c845bfae18457dc9b9e1c632ddeee11bced827f116df7141a20b22eaf968f
                    • Instruction ID: c50513ccf5ae053be7ba33ee60bb1e510b4b7316329e6cc55fbd1b937a24918c
                    • Opcode Fuzzy Hash: f25c845bfae18457dc9b9e1c632ddeee11bced827f116df7141a20b22eaf968f
                    • Instruction Fuzzy Hash: E0F0E271D116519FE322975CC14CB137BE49B837A4F08942DD50AC7573C764FA80CE51
                    Function 018F2619 Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                    • Instruction ID: d8c57829c192f2c25954475c41b44a4a3a5d15236f6ce29329ef7213079a5b32
                    • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                    • Instruction Fuzzy Hash: 33E0D8323006012BE7119E5D8CC0F477B6EDFD6B10F04007DB6049F251C9E6DE0987A5
                    Function 01946030 Relevance: .0, Instructions: 29COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                    • Instruction ID: a68ecfd58c36fe706a7432b3dd6c9738e664faa1c82fb2b555baad5e87f88d1d
                    • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                    • Instruction Fuzzy Hash: D2F030B22042049FE3218F0AD944F52BBF8EB06765F45C429E6099B561D379EC40CFA4
                    Function 018B0710 Relevance: .0, Instructions: 28COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                    • Instruction ID: 30ef3cdbf75392da8c479a6f88a65ed6eaa41a59d9a2015788a5f59cedd25594
                    • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                    • Instruction Fuzzy Hash: 38F0A0392047459FDB16CF19C090AD6BBA8EB51350B008494F84A8B341D632EA82CB54
                    Function 018E49D0 Relevance: .0, Instructions: 28COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                    • Instruction ID: 9020b8e0624cf7dc606cad7dcdb7574eb5b09af2d2133ac609050c0e59de1137
                    • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                    • Instruction Fuzzy Hash: A0E0D832344149ABD7211A5D8808B6677E6DBD3BF0F150429E608CB151DB70DE40C7D8
                    Function 0195678E Relevance: .0, Instructions: 27COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                    • Instruction ID: be71dcfb5ee842e4aa15db2f4fa610eaa720cef190f97fc10ffbec47bcabef39
                    • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                    • Instruction Fuzzy Hash: D4E0DF32A00214BBEB21D7998D05F9ABEBCDB90FA0F050154BA04E7090E530EE00C690
                    Function 018B25E0 Relevance: .0, Instructions: 23COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 488dc97acaddd83cbcc2210e76da9231e137bc219c9af3033a00ab216b85a3c7
                    • Instruction ID: 8f7e941a54c23458430cc52103ae8cf1f77e7998146452c7dd244422decb504c
                    • Opcode Fuzzy Hash: 488dc97acaddd83cbcc2210e76da9231e137bc219c9af3033a00ab216b85a3c7
                    • Instruction Fuzzy Hash: EFE092321005549BC321BB2DDD41FCA7B9AEF60760F014519B116972A0CA30BA10C7C5
                    Function 01934000 Relevance: .0, Instructions: 22COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                    • Instruction ID: b365ec9f4d1a5e2866c4117e4f771d3cbb4a4a9c6b23cfcdde24b0d9dba86f27
                    • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                    • Instruction Fuzzy Hash: 2CE0C2383003058FE715CF19C040B62BBBAFFD5A11F29C068E9488F205EB32E842CB40
                    Function 018ECA38 Relevance: .0, Instructions: 22COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4d32a87272bee197e0c0d5266dccffce80f1623644759d3226c01936cb803ac9
                    • Instruction ID: f94f6be94f3e50e44949ffbbee7c538daadb89a25d1116ef14bca920e731d592
                    • Opcode Fuzzy Hash: 4d32a87272bee197e0c0d5266dccffce80f1623644759d3226c01936cb803ac9
                    • Instruction Fuzzy Hash: 4AD02B729851206ACF36E11C7C08F933BDAAB41760F014860F508D2010D624CE8197C4
                    Function 018A823B Relevance: .0, Instructions: 21COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                    • Instruction ID: 7695489c0e99dbfe1bb567bd8617f140e279993b5fd62a7bce7d91c08f459a5d
                    • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                    • Instruction Fuzzy Hash: 77E0C232040A18EFEB322F1DDC00F617BA6FF55B12F10886DE586960A48771EEC2CB65
                    Function 018B2050 Relevance: .0, Instructions: 20COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 240e9942c2ec3cd02a9c7cf43d734933266d5c57247bedf71d083cfb923db332
                    • Instruction ID: 07b6f88ef0d94df25eaf66b32d37ecafee8b0f35f7cd19108ba2e83362dba1ca
                    • Opcode Fuzzy Hash: 240e9942c2ec3cd02a9c7cf43d734933266d5c57247bedf71d083cfb923db332
                    • Instruction Fuzzy Hash: D3E08C321004506BC311FA5DDD41E8A739AEFA5760F044225B151872A0CA20BE01C795
                    Function 018E8A90 Relevance: .0, Instructions: 20COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                    • Instruction ID: 3bfad39c7defe8595f1b2d525316519986e2962f9e0c8b3a60f3fc058cb725c4
                    • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                    • Instruction Fuzzy Hash: CEE08633111A189BC728DE18D515B7677E4EF46720F09463EA61387790C534E544C795
                    Function 01906AA4 Relevance: .0, Instructions: 17COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                    • Instruction ID: 651851694d5547d61cd5914f9af6b1f6db1604a2a8df4700ec7975336f0a1966
                    • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                    • Instruction Fuzzy Hash: 47D05E36511A50AFC3329F1BEA00C53BBF9FBC4F21705062EA54583920C770E846CBA0
                    Function 018EE59C Relevance: .0, Instructions: 16COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                    • Instruction ID: 18bacf7a637487e26da4f6a2172c65c33ecb2ff0111078d9b5168890ee42a38c
                    • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                    • Instruction Fuzzy Hash: 35D0A932204620ABD732AA1CFC00FC333E8BB88B21F064459F008C7054C360EC82CA84
                    Function 0192E908 Relevance: .0, Instructions: 16COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                    • Instruction ID: 7acebe15075b7e1e9188d283e4a63c5a7d132cc76bf80b2c7eb54799dc6fa99f
                    • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                    • Instruction Fuzzy Hash: 34E0EC35A506849FDF16DF5DC680F9EBBB9BB94B40F154058E5089B664C634E901CB40
                    Function 018AA0E3 Relevance: .0, Instructions: 15COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                    • Instruction ID: d92e3e485f66a7fd5ca63e43f5c2ad6f7d4cb193574507201ec6843e09af17a1
                    • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                    • Instruction Fuzzy Hash: ADD02232212030A3EB2C56596800FAB7905AB80B94F0A002D380AD3C00C0188D43C2E0
                    Function 018EA830 Relevance: .0, Instructions: 14COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                    • Instruction ID: 180fc33dbaac3f2df99af8197f0693a9378c3e832625b701bf10c93b1577dd03
                    • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                    • Instruction Fuzzy Hash: 13D012371D054DBBCB119F66DC01F957BA9E764BA0F448020B904C75A0C63AE951D584
                    Function 018ECA24 Relevance: .0, Instructions: 14COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 66d6b8241afe441a4d877fc2a7ed928c60dcf43ea221e13be8fc664004e10b2a
                    • Instruction ID: 0bff532a6fd57fed5a3933bd436608b281912163ea106eba08516752322c34cc
                    • Opcode Fuzzy Hash: 66d6b8241afe441a4d877fc2a7ed928c60dcf43ea221e13be8fc664004e10b2a
                    • Instruction Fuzzy Hash: 0AD0A930A09016CBDF2AEF0CCA18E6E3AF4FF10B40B80006CEB01D2820E328DE02CA40
                    Function 018EC700 Relevance: .0, Instructions: 12COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                    • Instruction ID: e1a89271f4c43f35fa7b86844d06f76de209338b8e63099096807f84ed5dc974
                    • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                    • Instruction Fuzzy Hash: 8CC01232290648AFC712AA99CD01F467BA9EBA8B40F008021F6048B670C631E921EA84
                    Function 018D0310 Relevance: .0, Instructions: 11COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                    • Instruction ID: f2425b3e3b9f6888b1147ec5a76043f91e4a3a6c5fea0d9490ef10571b041d08
                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                    • Instruction Fuzzy Hash: 90D01236100248EFCB05DF45C890D9E772AFBD8710F108019FD19076108A31ED62DA50
                    Function 018B0750 Relevance: .0, Instructions: 9COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                    • Instruction ID: c7a3178e3ce7ac9d7dbd0124851ff7e116b6bad1a058bd65c5a9dd26977f277e
                    • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                    • Instruction Fuzzy Hash: 29C08C347005018FCF02CB1DC280F4433E4F700700F000880E804CB721E224EC01CA00
                    Function 01984DAD Relevance: .0, Instructions: 6COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                    • Instruction ID: eab99fa21bff96633bd989d8c4377cd98eed9cbefc821c5826eae6ba48f6066c
                    • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                    • Instruction Fuzzy Hash: 0DB01232212645CFC7026724CB00B1873AABF027C1F0900F07500C9830D6188A10E502
                    Function 018F4340 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1478875ec3e053190b97d7d079895d6a8410c58a5f1e70e50dfc6931e6a4479e
                    • Instruction ID: eb4e98df6d1e0de084aad26e71fb4ba43abafcbba901369c56f78c438512676d
                    • Opcode Fuzzy Hash: 1478875ec3e053190b97d7d079895d6a8410c58a5f1e70e50dfc6931e6a4479e
                    • Instruction Fuzzy Hash: 7A900231B05D00569141715848885468049A7E0301B55C011E0464598CCA148A965361
                    Function 018F4650 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a106443388c78f1402b22b2cee8caf08bf8951c80f28e584006fdb559ba096db
                    • Instruction ID: 5cf866b370a2d995bd46df245ee1c5302ee5d9f0180f833a68dabdc0848ae524
                    • Opcode Fuzzy Hash: a106443388c78f1402b22b2cee8caf08bf8951c80f28e584006fdb559ba096db
                    • Instruction Fuzzy Hash: 54900261B01A0086414171584808406A049A7E1301395C115A05945A4CC61889959369
                    Function 018F2B80 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 05573962e7b40c84e80aa8b43d520c257710b22726f14032bb9ff8c69e97bd9e
                    • Instruction ID: 0afc72fc4406035fbb9e4f9e4c5d13c1a928625dc3a61658c71134eb49859dbd
                    • Opcode Fuzzy Hash: 05573962e7b40c84e80aa8b43d520c257710b22726f14032bb9ff8c69e97bd9e
                    • Instruction Fuzzy Hash: 6790023170190846D10571584808686404997D0301F55C011A6064699ED66589D17231
                    Function 018F2BA0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a829f924f628e18b7e90b1a02dfea41b96a76a6c670059b1af848c70c13a6206
                    • Instruction ID: 11c58a1df66a841414ac15205fe010a6e8984198c0c9f2f030c92b363b844043
                    • Opcode Fuzzy Hash: a829f924f628e18b7e90b1a02dfea41b96a76a6c670059b1af848c70c13a6206
                    • Instruction Fuzzy Hash: 5B900231B0590846D15171584418746404997D0301F55C011A0064698DC7558B9577A1
                    Function 018F2BE0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 139f502c877c7be4443ef757237d222b8318d667ec0a6e696aeac72c5efd6a56
                    • Instruction ID: e72f359ac565a03e579808a6058b7fa0ca18ceaef828e09ed465d76ad8752667
                    • Opcode Fuzzy Hash: 139f502c877c7be4443ef757237d222b8318d667ec0a6e696aeac72c5efd6a56
                    • Instruction Fuzzy Hash: 1E90023170594886D14171584408A46405997D0305F55C011A00A46D8DD6258E95B761
                    Function 018F2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4ec78a2e63ab8da8da0110a8601553d9303d53f4be3c4a75a941b20a73250299
                    • Instruction ID: e3dea9ac8d5daea074103c1802538796f44ccb41e1ef2ea82fdd02b5e971aea9
                    • Opcode Fuzzy Hash: 4ec78a2e63ab8da8da0110a8601553d9303d53f4be3c4a75a941b20a73250299
                    • Instruction Fuzzy Hash: C590023170190846D1817158440864A404997D1301F95C015A0065698DCA158B9977A1
                    Function 018F2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c3e1f631dac5037b8eb9c0bfc65e5498bd15c661eb526400c991b057047048c8
                    • Instruction ID: 83db148a9419ab510506aee64a711e2ffa2a76ff60242974f795bf2e66963ee2
                    • Opcode Fuzzy Hash: c3e1f631dac5037b8eb9c0bfc65e5498bd15c661eb526400c991b057047048c8
                    • Instruction Fuzzy Hash: FA9002A1701A40D64501B2588408B0A854997E0301B55C016E10945A4CC52589919235
                    Function 018F2AD0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 28d1c76f3a8a5fe2668203eaca680119f1dab67655d330be2dbe6734d0bb317d
                    • Instruction ID: ecc5833c7733e307dec55b3035dfb4c806e12c4387c935fc98fae37e009bc879
                    • Opcode Fuzzy Hash: 28d1c76f3a8a5fe2668203eaca680119f1dab67655d330be2dbe6734d0bb317d
                    • Instruction Fuzzy Hash: C1900225711900470106B5580708507408A97D5351355C021F1055594CD62189A15221
                    Function 018F2AF0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e13305bd9c0afd4e8e05283b684806cc46f7d3ddfbe9f0524a35204a87dc0796
                    • Instruction ID: 6fcdedaa009779c8a83199323bd691285433f1e3ebed6f793e0eebfcb3c82261
                    • Opcode Fuzzy Hash: e13305bd9c0afd4e8e05283b684806cc46f7d3ddfbe9f0524a35204a87dc0796
                    • Instruction Fuzzy Hash: EC900225721900460146B558060850B4489A7D6351395C015F14565D4CC62189A55321
                    Function 018F2DB0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e341c955f6b8ff41a3b56e3eef7c0eb4c873a442989b628bbeb0675ced1b8b0e
                    • Instruction ID: 43498e01fb37819837c0b73bc3bebe46a9eb05be3020cdcf0e113da6e1f17f8f
                    • Opcode Fuzzy Hash: e341c955f6b8ff41a3b56e3eef7c0eb4c873a442989b628bbeb0675ced1b8b0e
                    • Instruction Fuzzy Hash: E290023174190446D14271584408606404DA7D0341F95C012A0464598EC6558B96AB61
                    Function 018F2DD0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7926ea6a116e717e5fad8853563a90197fb1370609d81ea704277b67f5238e28
                    • Instruction ID: ec3e65e2070a4d3d8f5e760d740f60e47db8ce7b16ed6095b1f506116d6ee109
                    • Opcode Fuzzy Hash: 7926ea6a116e717e5fad8853563a90197fb1370609d81ea704277b67f5238e28
                    • Instruction Fuzzy Hash: 38900221742941965546B1584408507804AA7E0341795C012A1454994CC5269996D721
                    Function 018F2D00 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ba74789ed6a9bdee0bcaa799ea55b3e08930971279955a79d4ff7c5250e6abbb
                    • Instruction ID: 250222fbfa759a76e4c00d40d475afdfa1c24369eaacc1bc629776320a2a8091
                    • Opcode Fuzzy Hash: ba74789ed6a9bdee0bcaa799ea55b3e08930971279955a79d4ff7c5250e6abbb
                    • Instruction Fuzzy Hash: D390022170594486D1017558540CA06404997D0305F55D011A10A45D9DC6358991A231
                    Function 018F2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a200e0385504da9e1ae25ae556b9d9bbedf11624c2915804fc59d382ac7f312f
                    • Instruction ID: 70935481666760b126ec639a54dc30ca84adeeb7ccd801f54a61c4bf2fd088d7
                    • Opcode Fuzzy Hash: a200e0385504da9e1ae25ae556b9d9bbedf11624c2915804fc59d382ac7f312f
                    • Instruction Fuzzy Hash: 2B90022971390046D1817158540C60A404997D1302F95D415A005559CCC91589A95321
                    Function 018F2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6b56677190e5e00dd4a1b5649177ff884111194b079d95b32eead26ee73eb1d2
                    • Instruction ID: 7c3f319d8a6235bb52b815ace6f4a59a6e65d1b41f1c2fadf55fbec01eafab7e
                    • Opcode Fuzzy Hash: 6b56677190e5e00dd4a1b5649177ff884111194b079d95b32eead26ee73eb1d2
                    • Instruction Fuzzy Hash: 7F90022170190047D1417158541C6068049E7E1301F55D011E0454598CD91589965322
                    Function 018F2CA0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bed054749b2b5bbb819d3d79efd414236d174e9f701951bbad6752ecc007af9e
                    • Instruction ID: 28a56252410095adc909244b83ff387456573bab2b89adc8955f1ddf87766f86
                    • Opcode Fuzzy Hash: bed054749b2b5bbb819d3d79efd414236d174e9f701951bbad6752ecc007af9e
                    • Instruction Fuzzy Hash: 1E90023170190446D1017598540C646404997E0301F55D011A5064599EC66589D16231
                    Function 018F2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 60d5f4957fc50cf6b90d97f062ececa1fdab0cb67487745e9f0755aea3fc8418
                    • Instruction ID: 2f2373493f1c4aa4d2408b190c3785112dcce103f73e2555c7c3f3593d51b48f
                    • Opcode Fuzzy Hash: 60d5f4957fc50cf6b90d97f062ececa1fdab0cb67487745e9f0755aea3fc8418
                    • Instruction Fuzzy Hash: 31900221B0590446D1417158541C706405997D0301F55D011A0064598DC6598B9567A1
                    Function 018F2CF0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: acc83af83cc003970d0d09a758ea27cbe70b067b12803099e923a662e284bb77
                    • Instruction ID: 659dbc9e837d5f6d865792ee2d471d57fff5f5f060807bbcbc78463fab54135f
                    • Opcode Fuzzy Hash: acc83af83cc003970d0d09a758ea27cbe70b067b12803099e923a662e284bb77
                    • Instruction Fuzzy Hash: FB90023170190447D1017158550C707404997D0301F55D411A046459CDD65689916221
                    Function 018F2C60 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 77abb13cd5eb44273eb1eadb97aa636397e00f94d95a2b58b180cf5de4dd9fd0
                    • Instruction ID: c66a57f7546e590e720185f72e3e21e51deead11c7c8ef23bb0d8a2f8c840032
                    • Opcode Fuzzy Hash: 77abb13cd5eb44273eb1eadb97aa636397e00f94d95a2b58b180cf5de4dd9fd0
                    • Instruction Fuzzy Hash: DA90023170190886D10171584408B46404997E0301F55C016A0164698DC615C9917621
                    Function 018F2F90 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5e99fa255242f5938f6e2863713a4a1e2891b8266de00f0676a9806e239b0bf6
                    • Instruction ID: db234c0d40134ff6de72703d8390caecca189172d30bb28ac8e7145c3617b99b
                    • Opcode Fuzzy Hash: 5e99fa255242f5938f6e2863713a4a1e2891b8266de00f0676a9806e239b0bf6
                    • Instruction Fuzzy Hash: 8C900231701D0446D1017158481870B404997D0302F55C011A11A4599DC62589916671
                    Function 018F2FA0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 755e804cd5d1c07a70fc278205215cb06de4b523751670db153f1cbb12912362
                    • Instruction ID: 39ed65eb9ad7283a541687d0101b273d967920928c3e22f69505579fe4baa79d
                    • Opcode Fuzzy Hash: 755e804cd5d1c07a70fc278205215cb06de4b523751670db153f1cbb12912362
                    • Instruction Fuzzy Hash: B7900231701D0446D1017158480C747404997D0302F55C011A51A4599EC665C9D16631
                    Function 018F2FB0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 246cae07744939e7e2d50301308d6eb278dd223d23c5ff7c0d626fda412e3d48
                    • Instruction ID: 025ef6e1217f3c950a7fb76d09ca68d84ef759e3c5b5f48696fc11a99fd85cad
                    • Opcode Fuzzy Hash: 246cae07744939e7e2d50301308d6eb278dd223d23c5ff7c0d626fda412e3d48
                    • Instruction Fuzzy Hash: 2B900221B01900864141716888489068049BBE1311755C121A09D8594DC55989A55765
                    Function 018F2FE0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 403249d67e3d1c141580ecc0a88cdec82df5aa778c7827965b7c2d6372bda8e6
                    • Instruction ID: 5ea6fc29cffc0b83d5a87c26d3ce1fe98a416d23dd022607487dbb4e650032e8
                    • Opcode Fuzzy Hash: 403249d67e3d1c141580ecc0a88cdec82df5aa778c7827965b7c2d6372bda8e6
                    • Instruction Fuzzy Hash: 74900221711D0086D20175684C18B07404997D0303F55C115A0194598CC91589A15621
                    Function 018F2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 083e9ecbc02c495d8ad9b6c5507e31c66df59af93ca32fa022ae0206500c7f32
                    • Instruction ID: cf2582402ba3ec15b8bb96930a1b75e96dafc2d0a27a33c33a7e5cba7fd77972
                    • Opcode Fuzzy Hash: 083e9ecbc02c495d8ad9b6c5507e31c66df59af93ca32fa022ae0206500c7f32
                    • Instruction Fuzzy Hash: F790026174190486D10171584418B064049D7E1301F55C015E10A4598DC619CD926226
                    Function 018F2F60 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b2c8fe4ebb4b7aa28298c91f29c245519556d54386bd73d85eb95907c9fd97b8
                    • Instruction ID: 377d637b6317316c048fa8e0062708f2d47eebaf8cdb1f46dd4d99a2e653b112
                    • Opcode Fuzzy Hash: b2c8fe4ebb4b7aa28298c91f29c245519556d54386bd73d85eb95907c9fd97b8
                    • Instruction Fuzzy Hash: 9790026171190086D10571584408706408997E1301F55C012A2194598CC5298DA15225
                    Function 018F2E80 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6416ab0d31de57a5931050256f1046e7cedd099ad34cf5c9c5c6814a99e0d112
                    • Instruction ID: 4e820d2e3da15b934dd09df75be70b180eab6b0dcd4f4b16405d1c51db9a36c7
                    • Opcode Fuzzy Hash: 6416ab0d31de57a5931050256f1046e7cedd099ad34cf5c9c5c6814a99e0d112
                    • Instruction Fuzzy Hash: 9E900221B0190546D10271584408616404E97D0341F95C022A1064599ECA258AD2A231
                    Function 018F2EA0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 966ff9af06f179d3319f90260e3f089066b03b67caf5976ae4be155641043bc4
                    • Instruction ID: b2ffba91d2ed2bb6c521560290e97ab44b927c9ac71a0f7c707061422f796607
                    • Opcode Fuzzy Hash: 966ff9af06f179d3319f90260e3f089066b03b67caf5976ae4be155641043bc4
                    • Instruction Fuzzy Hash: D690027170190446D14171584408746404997D0301F55C011A50A4598EC6598ED56765
                    Function 018F2EE0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b01cc01863c27f075c73107fa9b3b26cb966ab0d1373761512a78d7895a6bbd7
                    • Instruction ID: dfad4ff043319791a0f74dd11babc1830afacc96a116665cc84d77f4175ba992
                    • Opcode Fuzzy Hash: b01cc01863c27f075c73107fa9b3b26cb966ab0d1373761512a78d7895a6bbd7
                    • Instruction Fuzzy Hash: E7900261701D0447D14175584808607404997D0302F55C011A20A4599ECA298D916235
                    Function 018F2E30 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7585446b44ff56c7413eb51a2b6d96f216245c5783704325f79de857fc06b370
                    • Instruction ID: be51074e1513bc4b6a9f3a466b0e66ac2ea28e9a0ab37f04e6fd2c2884f5fe50
                    • Opcode Fuzzy Hash: 7585446b44ff56c7413eb51a2b6d96f216245c5783704325f79de857fc06b370
                    • Instruction Fuzzy Hash: 6A90022170190446D10371584418606404DD7D1345F95C012E1464599DC6258A93A232
                    Function 018F3090 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4a7e50b8eacb7af5e46ec0806767bc5eb4308e4661dcf17f4b3b9d5c6090a2d6
                    • Instruction ID: e952e6531027d5658a3ac58b4ec82149711002159000151ec5b9b313d82abe0b
                    • Opcode Fuzzy Hash: 4a7e50b8eacb7af5e46ec0806767bc5eb4308e4661dcf17f4b3b9d5c6090a2d6
                    • Instruction Fuzzy Hash: 4090022174190846D14171588418707404AD7D0701F55C011A0064598DC6168AA567B1
                    Function 018F3010 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 21ac4d0e1cceccb47fa5fc0d1d71d10e002cd6187a5a984a28bf1a75e5fb7a3b
                    • Instruction ID: 99150d57f23cc11d9ca3877b491fcd52a0cb2f4397b92f9a85a09e0c7c182350
                    • Opcode Fuzzy Hash: 21ac4d0e1cceccb47fa5fc0d1d71d10e002cd6187a5a984a28bf1a75e5fb7a3b
                    • Instruction Fuzzy Hash: A4900221701D4486D14172584808B0F814997E1302F95C019A4196598CC91589955721
                    Function 018F39B0 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 00c25b03ffcb9594fa6176d015ea56346a72416e84851b99229648fe1eae0e16
                    • Instruction ID: 7cb770dc3cece8e8a2162eff97b127f47719953924c018d7a7b466a035873061
                    • Opcode Fuzzy Hash: 00c25b03ffcb9594fa6176d015ea56346a72416e84851b99229648fe1eae0e16
                    • Instruction Fuzzy Hash: BD90022174595146D151715C44086168049B7E0301F55C021A08545D8DC55589956321
                    Function 018F3D10 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2be3903d8a1c3ddacaa95f744a84384332a351cd1513cf4d9c7802426253d280
                    • Instruction ID: 0fb9bbb54206c5eaf10a8328be453f2c088acc720fea7379676dd98f3d4680be
                    • Opcode Fuzzy Hash: 2be3903d8a1c3ddacaa95f744a84384332a351cd1513cf4d9c7802426253d280
                    • Instruction Fuzzy Hash: 4990023170290186954172585808A4E814997E1302B95D415A0055598CC91489A15321
                    Function 018F3D70 Relevance: .0, Instructions: 4COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9b566792a8758bf3203f3acef6cb769474245b9a3d357434e1a10f151becdccd
                    • Instruction ID: f2bedbb012c6a99cd19b6d2380d3bc5bf54687b9c26682d0698bac0ada1550f5
                    • Opcode Fuzzy Hash: 9b566792a8758bf3203f3acef6cb769474245b9a3d357434e1a10f151becdccd
                    • Instruction Fuzzy Hash: F090023570190446D51171585808646408A97D0301F55D411A046459CDC65489E1A221
                    Function 018F2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                    • Instruction ID: 5bab04ee90a1802b29b0d9162c5deff56e8494e45fdf32d2eac90a44d685f454
                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                    • Instruction Fuzzy Hash:
                    Function 018F2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                    • API String ID: 48624451-2108815105
                    • Opcode ID: 2d85c8a5a6334042acae8ab86891b2e2692351c814aae46c8c3b8db69f1cdf83
                    • Instruction ID: cb31ccd53076ebcc45e97b27b714667dd10f2e1d5ccd08132d14d1bda9352e4a
                    • Opcode Fuzzy Hash: 2d85c8a5a6334042acae8ab86891b2e2692351c814aae46c8c3b8db69f1cdf83
                    • Instruction Fuzzy Hash: B251F4B2A0015AAFDB11DFAC888097FFBB9BB48341B54822DE669D7645D334DF0087A0
                    Function 01962410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                    • API String ID: 48624451-2108815105
                    • Opcode ID: 500b3afcda00a4dc8b373b5236e4aff3aa80fcaefa22cfc526854fc3971df856
                    • Instruction ID: 306ccfcc366b184482c6bdbd45d30bb90c561bb8658540c8bf09677fc82c18c2
                    • Opcode Fuzzy Hash: 500b3afcda00a4dc8b373b5236e4aff3aa80fcaefa22cfc526854fc3971df856
                    • Instruction Fuzzy Hash: E8510571A00646AFDB31DF9DC89097FBBFCEB44201B44886AE5DAD7681E674DA408770
                    Function 018E7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                    Download Yara Rule
                    Strings
                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01924725
                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01924655
                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01924787
                    • Execute=1, xrefs: 01924713
                    • ExecuteOptions, xrefs: 019246A0
                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019246FC
                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01924742
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                    • API String ID: 0-484625025
                    • Opcode ID: e06220e66682b53105043dbf715ff4dcae9e5a64bdc2e0ed9027261c1c636731
                    • Instruction ID: bd29d8764578c82b35f2edc6e3d35b3e516d4bda06ced91fbd86f745cc34cb1f
                    • Opcode Fuzzy Hash: e06220e66682b53105043dbf715ff4dcae9e5a64bdc2e0ed9027261c1c636731
                    • Instruction Fuzzy Hash: 98511D3164021A7AEF11EBA8DC8DFAE77E8AF55314F040099D609E7191E7709B45CF91
                    Function 018FB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: __aulldvrm
                    • String ID: +$-$0$0
                    • API String ID: 1302938615-699404926
                    • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                    • Instruction ID: 13e78eed7e08392873255255cd602bedfceab93c73e033032d8c3b8e3e90835f
                    • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                    • Instruction Fuzzy Hash: A381B170E152499FEF258E6CC8917FEBBB2AF85360F18411DDA61E7291C7349A40CB51
                    Function 019620E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: %%%u$[$]:%u
                    • API String ID: 48624451-2819853543
                    • Opcode ID: ded42c9d2acb03b551f26c84c8da7a8fe3a9478ec3719f65228e4b0f1b1087fc
                    • Instruction ID: 38bb0290e02f6a1109908863df7c137fa3b10320fe329f93fe040f351d0873e2
                    • Opcode Fuzzy Hash: ded42c9d2acb03b551f26c84c8da7a8fe3a9478ec3719f65228e4b0f1b1087fc
                    • Instruction Fuzzy Hash: 0121537AE04119ABDB11DF69C840AEE7BFCBF54745F45012AEA09E3240E730DA018BA1
                    Function 018DF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                    Download Yara Rule
                    Strings
                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019202E7
                    • RTL: Re-Waiting, xrefs: 0192031E
                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019202BD
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                    • API String ID: 0-2474120054
                    • Opcode ID: 45cc56d2b4fe62bc96c4414fadd6eff28f95a218c7de1a87d5e3e837d749ede0
                    • Instruction ID: 07565b38c149e7fa3ad4877f7dec9324b9efc42c93601a5276a553cf9e27161d
                    • Opcode Fuzzy Hash: 45cc56d2b4fe62bc96c4414fadd6eff28f95a218c7de1a87d5e3e837d749ede0
                    • Instruction Fuzzy Hash: 12E1A0306047419FD725CF28C884B6ABBE4BF85314F184A5DF6AACB2D1D774DA46CB42
                    Function 018EBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                    Download Yara Rule
                    Strings
                    • RTL: Resource at %p, xrefs: 01927B8E
                    • RTL: Re-Waiting, xrefs: 01927BAC
                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01927B7F
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                    • API String ID: 0-871070163
                    • Opcode ID: 56b2283efaa4ac524f44885ef5479c164ad3ec1a28bd87b88ad9a7afa719f956
                    • Instruction ID: 2f366b75ce6321bccb173d87e85fcc845b8670e5a799327feb6dd6535de7e38c
                    • Opcode Fuzzy Hash: 56b2283efaa4ac524f44885ef5479c164ad3ec1a28bd87b88ad9a7afa719f956
                    • Instruction Fuzzy Hash: 234103317007039FDB24DE29C840B2AB7E5EF9A711F100A2DEA5AD7280DB31EA05CB91
                    Function 018EB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                    Download Yara Rule
                    APIs
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0192728C
                    Strings
                    • RTL: Resource at %p, xrefs: 019272A3
                    • RTL: Re-Waiting, xrefs: 019272C1
                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01927294
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                    • API String ID: 885266447-605551621
                    • Opcode ID: 73d604146cc0016385933dee25aef612459cbf03eaa99a9e713ef66727600526
                    • Instruction ID: fd6e936e0de70666523472eff941615a89aa5b7ac701debe8535b5558206497a
                    • Opcode Fuzzy Hash: 73d604146cc0016385933dee25aef612459cbf03eaa99a9e713ef66727600526
                    • Instruction Fuzzy Hash: 6C410E31700217ABDB25DE69CC81B6AB7E5FBA6714F100618F959EB280DB20E952CBD1
                    Function 01962300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: %%%u$]:%u
                    • API String ID: 48624451-3050659472
                    • Opcode ID: 46dd8246cac395b703fa0dc3f467a550718b7fe3dfc9de776a95bbf85b782295
                    • Instruction ID: 3215875f40ee1c68bac61552c5f80aaa56006415f9ca5a596ac137853877c4b6
                    • Opcode Fuzzy Hash: 46dd8246cac395b703fa0dc3f467a550718b7fe3dfc9de776a95bbf85b782295
                    • Instruction Fuzzy Hash: 6F315472A002199FDB21DF2DCC40FEE77BCEB54A51F84455AE94DE7240EB309A448BA0
                    Function 018F7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: __aulldvrm
                    • String ID: +$-
                    • API String ID: 1302938615-2137968064
                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                    • Instruction ID: d796850a92854cc6df852cbd467049ffd9e54c0b28030a7b99443fc7a64175dd
                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                    • Instruction Fuzzy Hash: CB91B371E0020A9BFB24DF6DC880ABEBBA5EF85720F54461EEB55E72C0D7309B418721
                    Function 018B9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID:
                    • String ID: $$@
                    • API String ID: 0-1194432280
                    • Opcode ID: cb3b105fc28061271103efd8e993db7814abc8c848b780209a5338c7a498ff5b
                    • Instruction ID: 089cf5935d687acc97a9a6b76862ded99f30c069a206704cac284b75ca2c93e8
                    • Opcode Fuzzy Hash: cb3b105fc28061271103efd8e993db7814abc8c848b780209a5338c7a498ff5b
                    • Instruction Fuzzy Hash: 9B811A71D002699BDB359B54CC44BEAB7B8AF48754F1045EAEA1DB7280D7309E84CFA1
                    Function 0193CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                    Download Yara Rule
                    APIs
                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 0193CFBD
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.2311416978.0000000001880000.00000040.00001000.00020000.00000000.sdmp, Offset: 01880000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_1880000_PO No.jbxd
                    Similarity
                    • API ID: CallFilterFunc@8
                    • String ID: @$@4Cw@4Cw
                    • API String ID: 4062629308-3101775584
                    • Opcode ID: c4a91b729482740c8ec5e73f1b76fe55905f33b0b1e5cbbdd1a00fcb2880b260
                    • Instruction ID: e2d7044fec53615cf00dfb3c4aa54f00b1adca41dcb21b7f90fbe9f5ff898537
                    • Opcode Fuzzy Hash: c4a91b729482740c8ec5e73f1b76fe55905f33b0b1e5cbbdd1a00fcb2880b260
                    • Instruction Fuzzy Hash: DD419C71904215DFCB219FA9C840AAEFBF9FF94B40F40402EE909EB254D734DA05CBA1