Windows Analysis Report
SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe

Overview

General Information

Sample name: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
Analysis ID: 1546266
MD5: af65821d2f5fe034ca3d446323919fc2
SHA1: e76a08a3d02185f0f5d2c03d292e04dcfad7d523
SHA256: 2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe (PID: 6192 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe" MD5: AF65821D2F5FE034CA3D446323919FC2)
    • powershell.exe (PID: 2696 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 6944 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f663:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17712:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe PID: 6192 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e863:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16912:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f663:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17712:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          System Summary

          Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, ParentProcessId: 6192, ParentProcessName: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", ProcessId: 2696, ProcessName: powershell.exe
          Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, ParentProcessId: 6192, ParentProcessName: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe", ProcessId: 2696, ProcessName: powershell.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-10-31T17:29:27.397939+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49735 | TCP
          2024-10-31T17:30:07.410762+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49748 | TCP

          AV Detection

          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, ReversingLabs: Detection: 55%
          Source: Yara match, File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, Joe Sandbox ML: detected
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, Code function: 4x nop then jmp 06DC6524h, 0_2_06DC5BBC
          Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49748
          Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49735

          E-Banking Fraud

          Source: Yara match, File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01830F304_2_01830F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B2F304_2_018B2F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01884F404_2_01884F40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822E904_2_01822E90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CCE934_2_018CCE93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CEEDB4_2_018CEEDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CEE264_2_018CEE26
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01810E594_2_01810E59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FF1724_2_017FF172
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181B1B04_2_0181B1B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018DB16B4_2_018DB16B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0184516C4_2_0184516C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018170C04_2_018170C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018BF0CC4_2_018BF0CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C70E94_2_018C70E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CF0E04_2_018CF0E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0185739A4_2_0185739A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FD34C4_2_017FD34C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C132D4_2_018C132D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018152A04_2_018152A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182B2C04_2_0182B2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B12ED4_2_018B12ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AD5B04_2_018AD5B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D95C34_2_018D95C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C75714_2_018C7571
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CF43F4_2_018CF43F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018014604_2_01801460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CF7B04_2_018CF7B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C16CC4_2_018C16CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018556304_2_01855630
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A59104_2_018A5910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018199504_2_01819950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182B9504_2_0182B950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018138E04_2_018138E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187D8004_2_0187D800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182FB804_2_0182FB80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01885BF04_2_01885BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0184DBF94_2_0184DBF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CFB764_2_018CFB76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01855AA04_2_01855AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018ADAAC4_2_018ADAAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B1AA34_2_018B1AA3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018BDAC64_2_018BDAC6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CFA494_2_018CFA49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C7A464_2_018C7A46
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01883A6C4_2_01883A6C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182FDC04_2_0182FDC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01813D404_2_01813D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C1D5A4_2_018C1D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C7D734_2_018C7D73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CFCF24_2_018CFCF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01889C324_2_01889C32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01811F924_2_01811F92
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CFFB14_2_018CFFB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CFF094_2_018CFF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017D3FD54_2_017D3FD5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017D3FD24_2_017D3FD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01819EB04_2_01819EB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Code function: String function: 0188F290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Code function: String function: 01857E54 appears 108 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Code function: String function: 017FB970 appears 265 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Code function: String function: 0187EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Code function: String function: 01845130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 200
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000000.00000002.1870536823.000000000103E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000000.00000002.1878117444.00000000044FA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000000.00000002.1898270463.0000000007C90000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000000.00000002.1897801539.00000000074A7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000004.00000002.2454956185.00000000018FD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Binary or memory string: OriginalFilenamepxNz.exe@ vs SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, pjLLLur9tiSkaioQPu.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.7c90000.3.raw.unpack, pjLLLur9tiSkaioQPu.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.7c90000.3.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.7c90000.3.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.7c90000.3.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.47b9c30.1.raw.unpack, pjLLLur9tiSkaioQPu.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.47b9c30.1.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.47b9c30.1.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.47b9c30.1.raw.unpack, IjP6D5cWjjGgXCicYS.cs | Security API names: _0020.AddAccessRule
          Source: classification engine | Classification label: mal100.troj.evad.winEXE@8/11@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.log
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2736:120:WilError_03
          Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2536
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5oueypog.m1r.ps1
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | ReversingLabs: Detection: 55%
          Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, textshaping.dll, iconcodecservice.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, gpapi.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
          Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: Window Recorder | Window detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe, 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.7660000.2.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, IjP6D5cWjjGgXCicYS.cs .Net Code: VfX1B1ZhqW System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.47b9c30.1.raw.unpack, IjP6D5cWjjGgXCicYS.cs .Net Code: VfX1B1ZhqW System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.7c90000.3.raw.unpack, IjP6D5cWjjGgXCicYS.cs .Net Code: VfX1B1ZhqW System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 0_2_06DC0EF6 push ds; iretd 0_2_06DC0EFF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 0_2_06DC1FBF push cs; retf 0004h 0_2_06DC1F7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 0_2_06DC1F50 push cs; retf 0004h 0_2_06DC1F7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0040D8C8 push 972ADD89h; iretd 4_2_0040D8CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0041A971 push 00000009h; ret 4_2_0041A973
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0040DA23 pushfd ; retf 4_2_0040DA27
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_00414B4D push esp; retf 4_2_00414B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0041EBBB push esi; ret 4_2_0041EBC4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_00403420 push eax; ret 4_2_00403422
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0041AD97 push ecx; iretd 4_2_0041AD9E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0040559E push ss; ret 4_2_004055A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0040D67A push ss; retf 4_2_0040D68B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_017D225F pushad ; ret 4_2_017D27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_017D27FA pushad ; ret 4_2_017D27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018009AD push ecx; mov dword ptr [esp], ecx 4_2_018009B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_017D283D push eax; iretd 4_2_017D2858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_017D1366 push eax; iretd 4_2_017D1369
          Source: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Static PE information: section name: .text entropy: 7.807275575545102
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, RW0OBEMZBRha8lPi7Y.csHigh entropy of concatenated method names: 'U4A5usFaGb', 'zYD5qHWnmv', 'z8P5HOytTi', 'XWa5Q6jVjJ', 'jPS5ERXFSD', 'ETx5n87u4E', 'ILk5ObrooB', 'cjv52DPJxE', 'Ydq5xe9GdL', 'QlA5Z0c1JD'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, Elq5flWOXP5Q6q3T3r.csHigh entropy of concatenated method names: 'e3NFSUTouP', 'dmVFYJWBge', 'r2naRi0hbg', 'BhfaWrQEoG', 'PYkFNKXSje', 'PAVFq6lK0O', 'AQeFfZt4HU', 'AoTFHgchdW', 'sY7FQ08Mny', 'suYFMt3SRV'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, ipQMcJSeB9u6PMObKo.csHigh entropy of concatenated method names: 'xFlBAkZZZ', 'LQJAQ50x7', 't7xDuKplu', 'RAumBYYNC', 'DDwUC4uKk', 'jAx0v9snF', 'ybdLi2NeBUhCnQrKDO', 't5NSvCQ28R6cJAhj3V', 'OJYa8IsHb', 'tta3UmkCK'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, g9XJMjAY6v2RTawueQ.csHigh entropy of concatenated method names: 'Dispose', 'enDWVMvg1v', 'PSyCEBxd69', 'xO1yyP6dwx', 'sw1WYGgLHW', 'EwiWzNBjk9', 'ProcessDialogKey', 'og1CRGeTVK', 'siTCWSmf4R', 'eakCC8tmR3'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, ok7eroPtk1smVUHZAW.csHigh entropy of concatenated method names: 'xInhtiOMqH', 'zjlhKyLP64', 'QeQhBty2fL', 'j2LhAeYlSN', 'RqChG2oY1X', 'GCahD89lE8', 'T3Phmq1rji', 'kmEhLIYld9', 'pu2hULeBOs', 'B8mh0BdRLM'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, l8eIFKRqy7DJZhgLJ7.csHigh entropy of concatenated method names: 'iCBwsvjEOn', 'kb4wPgnBIl', 'lTwwXUI7sR', 'cJZwhwk4CJ', 'SM3wgmxIye', 'WmYXTR87s7', 'aqGXbH36fR', 'e3TXeDAhJa', 'Y8FXSefcPU', 'DZVXV0SbJu'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, I2V8A0QX4TkkgRwi5N.csHigh entropy of concatenated method names: 'HKdhrCBiyi', 'GkKhkXUpOx', 'SYFhw67q5y', 'D2KwYOg94r', 'vHcwzQ73ci', 'M2DhRLMkGF', 'm1WhWGiV8y', 'onbhCtlsYg', 'r8Dh6hf1t4', 'ODHh1gmhlf'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, zK05wjZFU51aXO1gUi.csHigh entropy of concatenated method names: 'U2V7LH7AeD', 'ugL7UXI2HC', 'oP27pPM6rO', 'vmS7EuH6C7', 'bDc7OxCjfY', 'GIU72hdZfH', 'yL77ZwF9Im', 'tcc7IBsY6v', 'rjo7uOiI4K', 'RGM7NnDKka'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, PmHr01qHTRVv3ooYoc.csHigh entropy of concatenated method names: 'CDekAXp5XA', 'YZ4kDx8IKX', 'aHqkLyO5AD', 'TPGkUid8D4', 'dXfk5hrpJn', 'WulkcEqumj', 'asWkFHnXIZ', 'VeNkaDEdIK', 'm4GkJ7kdyG', 'GAwk3Yn6Gr'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, rhl6gm1YyWv1nFsA5s.csHigh entropy of concatenated method names: 'MSUapAckjb', 'IwDaEYFfNh', 'ISXanC5P69', 'eKxaOkOuyr', 'zsSaHfYF44', 'sQwa2b2qEm', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, gauagME0A2MimyuOoW.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'NgpCVyowR0', 'wlOCY7nCEm', 'RhWCzQKSfb', 'w3G6RpEISZ', 'pTs6WMZKUp', 'TA46CVNvrb', 'vtn66XZ6B7', 'z81FFCfyjgPOymts9jB'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, jw5wIHaY3wWQ2nPBcN.csHigh entropy of concatenated method names: 'RRMF9110jX', 'Vv9Fj0xZ78', 'ToString', 'l4aFrcFidl', 'GjKFPQZMth', 'Mu4Fkjq5GU', 'CtDFXcaTny', 'jvJFw08OqG', 'UYWFhKxGhB', 'VqZFgQ88w3'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, pjLLLur9tiSkaioQPu.csHigh entropy of concatenated method names: 'H1ZPHpdNgr', 'O1BPQLH0dy', 'yhmPMC2eDW', 'FmuP4yR6eh', 'ybKPT79phS', 'YhTPbyUjxs', 'QFPPeVFxdf', 'NCRPSjlaUU', 'tqNPVgYh7X', 'w5KPYmJrL3'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, Obo1J1YkSoh2CJ8pK4.csHigh entropy of concatenated method names: 'GggwlXTmJm', 'RkGwtuQbJf', 'GGgwBpmOxe', 'CV1wAGk0of', 'nR7wDTvZlW', 'Yn9wmiAeEP', 'q1gwUNwU3B', 'TEtw08DInI', 'Yctqh6yJ64U02LxZFVP', 'i5GUjLyMcIFJ1IM392W'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, tqra9GvmsmS2fRiQIx.csHigh entropy of concatenated method names: 'XuXwMxaSd0', 'xq0w4YPsfm', 'gEAwTNaCeo', 'ToString', 'B9fwbjsgtm', 'xk8weELGNl', 'DMrV1hyKDK5rgNWSSfH', 'A5IyftyjdpxuiPICjlx', 'QT7pJMycgi4FKpLJmwo'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, mBF12IFFOEARE2eysc.csHigh entropy of concatenated method names: 'c0LXGFdCox', 'gP7XmUbWiX', 'ObxknIvCBm', 'SHHkOAJb7C', 'yBdk2TFFSE', 'l1YkxDj2Ko', 'nhSkZkDVLS', 'q2QkIJDtNu', 'NE1kdImDpE', 'Hh4kuVpgrD'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, zt5ZQmVbkkBqLx1Emv.csHigh entropy of concatenated method names: 'ToString', 'b1ZcNu7fJ8', 'cSMcEkAOMh', 'oKYcnCpAJk', 'XTPcOJ7WT9', 'Gn4c2lsGWT', 'KhScxLD6ph', 'v2TcZ6sfDJ', 'SiXcINeDDv', 'G5fcdcEXv7'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, DSgEOTuxglaQqdyJt4.csHigh entropy of concatenated method names: 'LsFJWK9dLL', 'gHwJ6wcpXg', 'N9oJ1qqrLd', 'qJ2JrT1NBi', 'oF0JPruGI9', 'YJiJXq0fb4', 'VuWJwdkLaG', 'WpQaeCGYrI', 'JGOaSJEWL4', 'fYYaVyOWB2'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, m4NLGFLSi5nwgiFUmZ.csHigh entropy of concatenated method names: 'kOtWhkokEf', 'JNJWg4iNgn', 'CorW9td0JJ', 'BxDWjVnJFi', 'KHaW5JVmVX', 'nqUWc7NSHo', 'cZsG11UTn52cA4cvCf', 'aBD57UAk82QA7TBPtf', 'iH1WWSEytp', 'wYpW6dEGh6'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, IjP6D5cWjjGgXCicYS.csHigh entropy of concatenated method names: 'WAa6sSqc1S', 'WUn6rWJBsl', 'dBA6PtLDN5', 'mcP6kb863q', 'O8e6XwWJ5P', 'END6wlCudo', 'GmU6hhVDVO', 'uJr6gVG3cT', 'spK6ixMmCE', 'dwV699cQPw'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, T7gc9pHBV3sN5iLwRpa.csHigh entropy of concatenated method names: 'hd2JtIwetV', 'XgQJK4tEma', 'CyvJBPlMXp', 'YqwJAUXxrL', 'XTPJGqrSQc', 'U58JDPqj4G', 'fCqJmSwfpp', 'HNZJLya46p', 'kXiJU0OPx2', 'RgbJ0fJAZu'
          Source: 0.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.4731a10.0.raw.unpack, Qtc6bKnyg9Tw7yp3vW.csHigh entropy of concatenated method names: 'Gk9arp3FjY', 'ix0aPyZHSB', 'tZ5akBGuFT', 'IENaXyHWcT', 'wRHawk6AG2', 'SVpahhiq50', 'cemagtVdfM', 'Fg1aiNiT8A', 'd5Sa9KKQOU', 'JH8ajVVi5G'

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe PID: 6192, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: 2C70000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: 2CA0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: 4CA0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: 9300000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: A300000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: A520000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: B520000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: B950000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: C950000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0184096E rdtsc 4_2_0184096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4818
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 616
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe API coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe TID: 6168 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1704 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1028 Thread sleep time: -922337203685477s >= -30000s
          Source: Amcache.hve.11.dr Binary or memory string: VMware
          Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.11.dr Binary or memory string: vmci.syshbin
          Source: Amcache.hve.11.dr Binary or memory string: VMware, Inc.
          Source: Amcache.hve.11.dr Binary or memory string: VMware20,1hbin@
          Source: Amcache.hve.11.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.11.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.11.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.11.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.11.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.11.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.11.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.11.dr Binary or memory string: vmci.sys
          Source: Amcache.hve.11.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.11.dr Binary or memory string: vmci.syshbin`
          Source: Amcache.hve.11.dr Binary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.11.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.11.dr Binary or memory string: VMware20,1
          Source: Amcache.hve.11.dr Binary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.11.dr Binary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.11.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.11.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.11.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.11.dr Binary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.11.dr Binary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual RAM
          Source: Amcache.hve.11.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.11.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_01842DF0 NtQuerySystemInformation,LdrInitializeThunk, 4_2_01842DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_01840185 mov eax, dword ptr fs:[00000030h] 4_2_01840185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018BC188 mov eax, dword ptr fs:[00000030h] 4_2_018BC188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018A4180 mov eax, dword ptr fs:[00000030h] 4_2_018A4180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0188019F mov eax, dword ptr fs:[00000030h] 4_2_0188019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_017FC156 mov eax, dword ptr fs:[00000030h] 4_2_017FC156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018C61C3 mov eax, dword ptr fs:[00000030h] 4_2_018C61C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0187E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0187E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_0187E1D0 mov ecx, dword ptr fs:[00000030h] 4_2_0187E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018D61E5 mov eax, dword ptr fs:[00000030h] 4_2_018D61E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018301F8 mov eax, dword ptr fs:[00000030h] 4_2_018301F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018AE10E mov eax, dword ptr fs:[00000030h] 4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Code function: 4_2_018AE10E mov ecx, dword ptr fs:[00000030h] 4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov eax, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov eax, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov ecx, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov eax, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov eax, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov ecx, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov eax, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE10E mov ecx, dword ptr fs:[00000030h]4_2_018AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AA118 mov ecx, dword ptr fs:[00000030h]4_2_018AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AA118 mov eax, dword ptr fs:[00000030h]4_2_018AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AA118 mov eax, dword ptr fs:[00000030h]4_2_018AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AA118 mov eax, dword ptr fs:[00000030h]4_2_018AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C0115 mov eax, dword ptr fs:[00000030h]4_2_018C0115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01830124 mov eax, dword ptr fs:[00000030h]4_2_01830124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01894144 mov eax, dword ptr fs:[00000030h]4_2_01894144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01894144 mov eax, dword ptr fs:[00000030h]4_2_01894144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01894144 mov ecx, dword ptr fs:[00000030h]4_2_01894144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01894144 mov eax, dword ptr fs:[00000030h]4_2_01894144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01894144 mov eax, dword ptr fs:[00000030h]4_2_01894144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01898158 mov eax, dword ptr fs:[00000030h]4_2_01898158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806154 mov eax, dword ptr fs:[00000030h]4_2_01806154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806154 mov eax, dword ptr fs:[00000030h]4_2_01806154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FA197 mov eax, dword ptr fs:[00000030h]4_2_017FA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FA197 mov eax, dword ptr fs:[00000030h]4_2_017FA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FA197 mov eax, dword ptr fs:[00000030h]4_2_017FA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D4164 mov eax, dword ptr fs:[00000030h]4_2_018D4164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D4164 mov eax, dword ptr fs:[00000030h]4_2_018D4164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180208A mov eax, dword ptr fs:[00000030h]4_2_0180208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018980A8 mov eax, dword ptr fs:[00000030h]4_2_018980A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C60B8 mov eax, dword ptr fs:[00000030h]4_2_018C60B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C60B8 mov ecx, dword ptr fs:[00000030h]4_2_018C60B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018820DE mov eax, dword ptr fs:[00000030h]4_2_018820DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FA020 mov eax, dword ptr fs:[00000030h]4_2_017FA020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FC020 mov eax, dword ptr fs:[00000030h]4_2_017FC020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018860E0 mov eax, dword ptr fs:[00000030h]4_2_018860E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018080E9 mov eax, dword ptr fs:[00000030h]4_2_018080E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018420F0 mov ecx, dword ptr fs:[00000030h]4_2_018420F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01884000 mov ecx, dword ptr fs:[00000030h]4_2_01884000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A2000 mov eax, dword ptr fs:[00000030h]4_2_018A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FC0F0 mov eax, dword ptr fs:[00000030h]4_2_017FC0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E016 mov eax, dword ptr fs:[00000030h]4_2_0181E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E016 mov eax, dword ptr fs:[00000030h]4_2_0181E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E016 mov eax, dword ptr fs:[00000030h]4_2_0181E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E016 mov eax, dword ptr fs:[00000030h]4_2_0181E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FA0E3 mov ecx, dword ptr fs:[00000030h]4_2_017FA0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01896030 mov eax, dword ptr fs:[00000030h]4_2_01896030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01802050 mov eax, dword ptr fs:[00000030h]4_2_01802050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01886050 mov eax, dword ptr fs:[00000030h]4_2_01886050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F80A0 mov eax, dword ptr fs:[00000030h]4_2_017F80A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182C073 mov eax, dword ptr fs:[00000030h]4_2_0182C073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182438F mov eax, dword ptr fs:[00000030h]4_2_0182438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182438F mov eax, dword ptr fs:[00000030h]4_2_0182438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A3C0 mov eax, dword ptr fs:[00000030h]4_2_0180A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A3C0 mov eax, dword ptr fs:[00000030h]4_2_0180A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A3C0 mov eax, dword ptr fs:[00000030h]4_2_0180A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A3C0 mov eax, dword ptr fs:[00000030h]4_2_0180A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A3C0 mov eax, dword ptr fs:[00000030h]4_2_0180A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A3C0 mov eax, dword ptr fs:[00000030h]4_2_0180A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018083C0 mov eax, dword ptr fs:[00000030h]4_2_018083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018083C0 mov eax, dword ptr fs:[00000030h]4_2_018083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018083C0 mov eax, dword ptr fs:[00000030h]4_2_018083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018083C0 mov eax, dword ptr fs:[00000030h]4_2_018083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018BC3CD mov eax, dword ptr fs:[00000030h]4_2_018BC3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018863C0 mov eax, dword ptr fs:[00000030h]4_2_018863C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE3DB mov eax, dword ptr fs:[00000030h]4_2_018AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE3DB mov eax, dword ptr fs:[00000030h]4_2_018AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE3DB mov ecx, dword ptr fs:[00000030h]4_2_018AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AE3DB mov eax, dword ptr fs:[00000030h]4_2_018AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A43D4 mov eax, dword ptr fs:[00000030h]4_2_018A43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A43D4 mov eax, dword ptr fs:[00000030h]4_2_018A43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018103E9 mov eax, dword ptr fs:[00000030h]4_2_018103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FC310 mov ecx, dword ptr fs:[00000030h]4_2_017FC310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E3F0 mov eax, dword ptr fs:[00000030h]4_2_0181E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E3F0 mov eax, dword ptr fs:[00000030h]4_2_0181E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0181E3F0 mov eax, dword ptr fs:[00000030h]4_2_0181E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018363FF mov eax, dword ptr fs:[00000030h]4_2_018363FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183A30B mov eax, dword ptr fs:[00000030h]4_2_0183A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183A30B mov eax, dword ptr fs:[00000030h]4_2_0183A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183A30B mov eax, dword ptr fs:[00000030h]4_2_0183A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01820310 mov ecx, dword ptr fs:[00000030h]4_2_01820310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D8324 mov eax, dword ptr fs:[00000030h]4_2_018D8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D8324 mov ecx, dword ptr fs:[00000030h]4_2_018D8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D8324 mov eax, dword ptr fs:[00000030h]4_2_018D8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D8324 mov eax, dword ptr fs:[00000030h]4_2_018D8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01882349 mov eax, dword ptr fs:[00000030h]4_2_01882349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D634F mov eax, dword ptr fs:[00000030h]4_2_018D634F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188035C mov eax, dword ptr fs:[00000030h]4_2_0188035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188035C mov eax, dword ptr fs:[00000030h]4_2_0188035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188035C mov eax, dword ptr fs:[00000030h]4_2_0188035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188035C mov ecx, dword ptr fs:[00000030h]4_2_0188035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188035C mov eax, dword ptr fs:[00000030h]4_2_0188035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188035C mov eax, dword ptr fs:[00000030h]4_2_0188035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A8350 mov ecx, dword ptr fs:[00000030h]4_2_018A8350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CA352 mov eax, dword ptr fs:[00000030h]4_2_018CA352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F8397 mov eax, dword ptr fs:[00000030h]4_2_017F8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F8397 mov eax, dword ptr fs:[00000030h]4_2_017F8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F8397 mov eax, dword ptr fs:[00000030h]4_2_017F8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A437C mov eax, dword ptr fs:[00000030h]4_2_018A437C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FE388 mov eax, dword ptr fs:[00000030h]4_2_017FE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FE388 mov eax, dword ptr fs:[00000030h]4_2_017FE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FE388 mov eax, dword ptr fs:[00000030h]4_2_017FE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183E284 mov eax, dword ptr fs:[00000030h]4_2_0183E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183E284 mov eax, dword ptr fs:[00000030h]4_2_0183E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01880283 mov eax, dword ptr fs:[00000030h]4_2_01880283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01880283 mov eax, dword ptr fs:[00000030h]4_2_01880283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01880283 mov eax, dword ptr fs:[00000030h]4_2_01880283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F826B mov eax, dword ptr fs:[00000030h]4_2_017F826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018102A0 mov eax, dword ptr fs:[00000030h]4_2_018102A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018102A0 mov eax, dword ptr fs:[00000030h]4_2_018102A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018962A0 mov eax, dword ptr fs:[00000030h]4_2_018962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018962A0 mov ecx, dword ptr fs:[00000030h]4_2_018962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018962A0 mov eax, dword ptr fs:[00000030h]4_2_018962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018962A0 mov eax, dword ptr fs:[00000030h]4_2_018962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018962A0 mov eax, dword ptr fs:[00000030h]4_2_018962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018962A0 mov eax, dword ptr fs:[00000030h]4_2_018962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FA250 mov eax, dword ptr fs:[00000030h]4_2_017FA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A2C3 mov eax, dword ptr fs:[00000030h]4_2_0180A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A2C3 mov eax, dword ptr fs:[00000030h]4_2_0180A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A2C3 mov eax, dword ptr fs:[00000030h]4_2_0180A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A2C3 mov eax, dword ptr fs:[00000030h]4_2_0180A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180A2C3 mov eax, dword ptr fs:[00000030h]4_2_0180A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F823B mov eax, dword ptr fs:[00000030h]4_2_017F823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D62D6 mov eax, dword ptr fs:[00000030h]4_2_018D62D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018102E1 mov eax, dword ptr fs:[00000030h]4_2_018102E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018102E1 mov eax, dword ptr fs:[00000030h]4_2_018102E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018102E1 mov eax, dword ptr fs:[00000030h]4_2_018102E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01888243 mov eax, dword ptr fs:[00000030h]4_2_01888243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01888243 mov ecx, dword ptr fs:[00000030h]4_2_01888243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D625D mov eax, dword ptr fs:[00000030h]4_2_018D625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806259 mov eax, dword ptr fs:[00000030h]4_2_01806259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018BA250 mov eax, dword ptr fs:[00000030h]4_2_018BA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018BA250 mov eax, dword ptr fs:[00000030h]4_2_018BA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01804260 mov eax, dword ptr fs:[00000030h]4_2_01804260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01804260 mov eax, dword ptr fs:[00000030h]4_2_01804260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01804260 mov eax, dword ptr fs:[00000030h]4_2_01804260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B0274 mov eax, dword ptr fs:[00000030h]4_2_018B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188C810 mov eax, dword ptr fs:[00000030h]4_2_0188C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A483A mov eax, dword ptr fs:[00000030h]4_2_018A483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A483A mov eax, dword ptr fs:[00000030h]4_2_018A483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183A830 mov eax, dword ptr fs:[00000030h]4_2_0183A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822835 mov eax, dword ptr fs:[00000030h]4_2_01822835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822835 mov eax, dword ptr fs:[00000030h]4_2_01822835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822835 mov eax, dword ptr fs:[00000030h]4_2_01822835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822835 mov ecx, dword ptr fs:[00000030h]4_2_01822835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822835 mov eax, dword ptr fs:[00000030h]4_2_01822835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01822835 mov eax, dword ptr fs:[00000030h]4_2_01822835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01812840 mov ecx, dword ptr fs:[00000030h]4_2_01812840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01830854 mov eax, dword ptr fs:[00000030h]4_2_01830854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01804859 mov eax, dword ptr fs:[00000030h]4_2_01804859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01804859 mov eax, dword ptr fs:[00000030h]4_2_01804859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01896870 mov eax, dword ptr fs:[00000030h]4_2_01896870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01896870 mov eax, dword ptr fs:[00000030h]4_2_01896870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188E872 mov eax, dword ptr fs:[00000030h]4_2_0188E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188E872 mov eax, dword ptr fs:[00000030h]4_2_0188E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017FCB7E mov eax, dword ptr fs:[00000030h]4_2_017FCB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_017F8B50 mov eax, dword ptr fs:[00000030h]4_2_017F8B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B4BB0 mov eax, dword ptr fs:[00000030h]4_2_018B4BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B4BB0 mov eax, dword ptr fs:[00000030h]4_2_018B4BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01810BBE mov eax, dword ptr fs:[00000030h]4_2_01810BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01810BBE mov eax, dword ptr fs:[00000030h]4_2_01810BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01820BCB mov eax, dword ptr fs:[00000030h]4_2_01820BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01820BCB mov eax, dword ptr fs:[00000030h]4_2_01820BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01820BCB mov eax, dword ptr fs:[00000030h]4_2_01820BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01800BCD mov eax, dword ptr fs:[00000030h]4_2_01800BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01800BCD mov eax, dword ptr fs:[00000030h]4_2_01800BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01800BCD mov eax, dword ptr fs:[00000030h]4_2_01800BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AEBD0 mov eax, dword ptr fs:[00000030h]4_2_018AEBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01808BF0 mov eax, dword ptr fs:[00000030h]4_2_01808BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01808BF0 mov eax, dword ptr fs:[00000030h]4_2_01808BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01808BF0 mov eax, dword ptr fs:[00000030h]4_2_01808BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188CBF0 mov eax, dword ptr fs:[00000030h]4_2_0188CBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182EBFC mov eax, dword ptr fs:[00000030h]4_2_0182EBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D4B00 mov eax, dword ptr fs:[00000030h]4_2_018D4B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0187EB1D mov eax, dword ptr fs:[00000030h]4_2_0187EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182EB20 mov eax, dword ptr fs:[00000030h]4_2_0182EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182EB20 mov eax, dword ptr fs:[00000030h]4_2_0182EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C8B28 mov eax, dword ptr fs:[00000030h]4_2_018C8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018C8B28 mov eax, dword ptr fs:[00000030h]4_2_018C8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B4B4B mov eax, dword ptr fs:[00000030h]4_2_018B4B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018B4B4B mov eax, dword ptr fs:[00000030h]4_2_018B4B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018A8B42 mov eax, dword ptr fs:[00000030h]4_2_018A8B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01896B40 mov eax, dword ptr fs:[00000030h]4_2_01896B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01896B40 mov eax, dword ptr fs:[00000030h]4_2_01896B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018CAB40 mov eax, dword ptr fs:[00000030h]4_2_018CAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018AEB50 mov eax, dword ptr fs:[00000030h]4_2_018AEB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D2B57 mov eax, dword ptr fs:[00000030h]4_2_018D2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D2B57 mov eax, dword ptr fs:[00000030h]4_2_018D2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D2B57 mov eax, dword ptr fs:[00000030h]4_2_018D2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D2B57 mov eax, dword ptr fs:[00000030h]4_2_018D2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0180EA80 mov eax, dword ptr fs:[00000030h]4_2_0180EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_018D4A80 mov eax, dword ptr fs:[00000030h]4_2_018D4A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01838A90 mov edx, dword ptr fs:[00000030h]4_2_01838A90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01808AA0 mov eax, dword ptr fs:[00000030h]4_2_01808AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01808AA0 mov eax, dword ptr fs:[00000030h]4_2_01808AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01856AA4 mov eax, dword ptr fs:[00000030h]4_2_01856AA4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01856ACC mov eax, dword ptr fs:[00000030h]4_2_01856ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01856ACC mov eax, dword ptr fs:[00000030h]4_2_01856ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01856ACC mov eax, dword ptr fs:[00000030h]4_2_01856ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01800AD0 mov eax, dword ptr fs:[00000030h]4_2_01800AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01834AD0 mov eax, dword ptr fs:[00000030h]4_2_01834AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01834AD0 mov eax, dword ptr fs:[00000030h]4_2_01834AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183AAEE mov eax, dword ptr fs:[00000030h]4_2_0183AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183AAEE mov eax, dword ptr fs:[00000030h]4_2_0183AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0188CA11 mov eax, dword ptr fs:[00000030h]4_2_0188CA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183CA24 mov eax, dword ptr fs:[00000030h]4_2_0183CA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0182EA2E mov eax, dword ptr fs:[00000030h]4_2_0182EA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01824A35 mov eax, dword ptr fs:[00000030h]4_2_01824A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01824A35 mov eax, dword ptr fs:[00000030h]4_2_01824A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_0183CA38 mov eax, dword ptr fs:[00000030h]4_2_0183CA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806A50 mov eax, dword ptr fs:[00000030h]4_2_01806A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806A50 mov eax, dword ptr fs:[00000030h]4_2_01806A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806A50 mov eax, dword ptr fs:[00000030h]4_2_01806A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeCode function: 4_2_01806A50 mov eax, dword ptr fs:[00000030h]4_2_01806A50
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.11.dr Binary or memory string: msmpeng.exe
          Source: Amcache.hve.11.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.11.dr Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 4.2.SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 31 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
          Behavior Graph (figure not reproduced): ID: 1546266, Sample: SecuriteInfo.com.BackDoor.A..., Startdate: 31/10/2024, Architecture: WINDOWS, Score: 100

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | 55% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook | |
| SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe | 100% | Joe Sandbox ML | | |

          No Antivirus matches
          No contacted domains info
              No contacted IP infos
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1546266
              Start date and time:2024-10-31 17:28:18 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 14s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Run with higher sleep bypass
              Number of analysed new started processes analysed:13
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@8/11@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 97%
              • Number of executed functions: 40
              • Number of non-executed functions: 277
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.168.117.173
              • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
              No simulations
              No context
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):65536
              Entropy (8bit):0.678608188926568
              Encrypted:false
              SSDEEP:96:u4zFw04xhiZ0vsQ7j5QppUflQXIDcQvc6QcEVcw3cE/lPF+HbHsZAX/d5FMT2Slc:9O7nxvE0BU/wjlzuiFhZ24IO8a
              MD5:4D0DB0569028E67CDE1F097C1C79C145
              SHA1:E11EB3A2902D3B6C086CBF9644B236F0F0D2491C
              SHA-256:9D91D5E4879C4C2A2ABA5329FE2E7EA9A807227579728B3AF32E2885CB91EEE0
              SHA-512:A878E9E63F4D0F82D8B7B38A6552EE788099E2BBFD3FC04D19D63B06552E809A670BC285B5A171EC0EF16F6C332E8D2055697D6F028611DB38D232B1830EB09C
              Malicious:false
              Reputation:low
              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.8.6.5.7.8.2.2.4.9.0.8.2.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.8.6.5.7.8.2.5.1.4.7.0.2.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.0.1.9.7.e.e.0.-.6.4.7.4.-.4.a.7.0.-.9.c.d.b.-.1.6.4.f.5.2.9.d.7.1.d.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.0.0.5.5.c.7.7.-.e.5.9.e.-.4.1.4.8.-.b.4.9.8.-.c.c.b.8.c.c.4.a.6.6.0.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...B.a.c.k.D.o.o.r...A.g.e.n.t.T.e.s.l.a.N.E.T...2.0...1.5.0.2.1...2.1.7.5.6...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.p.x.N.z...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.9.e.8.-.0.0.0.1.-.0.0.1.4.-.5.b.5.e.-.9.a.0.d.b.2.2.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.5.6.4.1.d.d.1.b.d.5.6.3.3.c.f.c.9.d.0.4.f.a.2.b.c.7.8.8.2.c.c.0.0.0.0.0.0.0.0.
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:Mini DuMP crash report, 14 streams, Thu Oct 31 16:29:42 2024, 0x1205a4 type
              Category:dropped
              Size (bytes):24846
              Entropy (8bit):1.7784388707067946
              Encrypted:false
              SSDEEP:192:WInAQbOVEJQbqMYo6ymF/hr9h3lKY8FVc:bAl4QbqT9RHlKRV
              MD5:08915F7F0B9D8F0B5699186A65B1196E
              SHA1:A43B0CDA815C87B540794875AEC7965288F83072
              SHA-256:1F977D20A0825C094623E9BA308E0D09E58081AC25FE81E133C9E102BE6BAAB2
              SHA-512:0970F1C68FDE819A08209218C9E0099501C88B7945542809D87108BCBEDA2B2557DD7CCEEB56962E33C22FFFCE9A84E4FDB215D85DDA355E4BDE0D27C7E71056
              Malicious:false
              Reputation:low
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):6552
              Entropy (8bit):3.7198970859972333
              Encrypted:false
              SSDEEP:96:RSIU6o7wVetbM5f6QL8RYHeBayQE/tNu5aM4UO89bHFsfFtm:R6l7wVeJof6Q0Y+cyaprO89bHFsfFtm
              MD5:AACDFCE32EE82CD58BCD2A3A5060CBEC
              SHA1:33BA262BFB4BB6CDC82251E33C68BB6F8042273B
              SHA-256:A86A1F087340AA6A33F3AAE2DA4F907BF13C49701457712DF6D2AE00EFAFFAC9
              SHA-512:B51E9FDC8539C746B36BC40CFF6A1D400A511C19820385A1B7613133A6DA45CA2DBF9E4CD48B6D42A098D0E63316C01AB8E2ECB87BEB91EF12919FCFDB58D623
              Malicious:false
              Reputation:low
              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.5.3.6.<./.P.i.
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):4946
              Entropy (8bit):4.5851343725510585
              Encrypted:false
              SSDEEP:96:uIjfjI7j37VHJ9oNgcMotTCmpmqAkuQuyd:uIPYj37bK9BVpmqAhdQ
              MD5:C2BA432BEE4941071492B88A32BBCD41
              SHA1:24070D2DF5D05F0E95FAAC54F0C12C6C2FCB969A
              SHA-256:C53437F06ED1E865520F46336C4F8001DDDCB0F733FF13E496241BC6D4931F91
              SHA-512:E0CDEC9B542F9DCAAC94D6EB5674D4444FDA424C6BA6770FB40EFABA434FDE20C682688FC3BD8CB3DAAD1E063D9B07C18E92DA40AD4B75B1A66B8B1152E99C9A
              Malicious:false
              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="567812" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
              Process:C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:data
              Category:dropped
              Size (bytes):2232
              Entropy (8bit):5.376140893929912
              Encrypted:false
              SSDEEP:48:pWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//8M0Uyus:pLHxvCsIfA2KRHmOugw1s
              MD5:63D157830043BDC24C24B955F5D783C9
              SHA1:026DBD7ADFB9387351DD42EA3E0BF4959D0F02C7
              SHA-256:56C02603776FBFC7B7C52743BCB2BB8BA1F44EEBC1BB739DC3F77C45132ED198
              SHA-512:49509D9AA8A67FDEDF1CF1A3445EC3BEA441C0A6799F82B12AC75EC4BED9D2F25DDB01AB840C7059D0939706B6BF467FB1F6836C46D522B35352F114EC2A86B2
              Malicious:false
              Preview:@...e...................................0.......................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:MS Windows registry file, NT/2000 or above
              Category:dropped
              Size (bytes):1835008
              Entropy (8bit):4.465918769390437
              Encrypted:false
              SSDEEP:6144:4IXfpi67eLPU9skLmb0b4mWSPKaJG8nAgejZMMhA2gX4WABl0uN3dwBCswSbL:tXD94mWlLZMM6YFHx+L
              MD5:B7A897AA33B6F6D960AC54C9BA97D740
              SHA1:E175994BAC36C8C42632A2D6D98173B56FC3E8AB
              SHA-256:1C21DAAB71CBF12D4A483A0D79770DDD6B469EC2C43A25BFCB8260A684A1C085
              SHA-512:B531F8459C0BD3EA746B4D6FBBED069939CC9A9E5842801E5D5D20A862E4ACC0ABDECD3C31B85810CB491A92D893D4570B8E00FD108DC08F7EFD6889FF358769
              Malicious:false
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.806157577434162
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              • Win32 Executable (generic) a (10002005/4) 49.78%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              File name:SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
              File size:860'160 bytes
              MD5:af65821d2f5fe034ca3d446323919fc2
              SHA1:e76a08a3d02185f0f5d2c03d292e04dcfad7d523
              SHA256:2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620
              SHA512:b6782ce22e2410c68edbf41cf5642400fa40b836577012b7ee1357980ec25256acc0f7e178e086dda9d80eca4cd9ee8aed4f9fce76fd0aa2502d5d0b44d7ae27
              SSDEEP:24576:0p7iek6rKytyOdGzA4j4+oH7SH59Tn1jd1AT:0p7zllcOdRyM7SHr5d1
              TLSH:3C05DFE03A32772ADEA55975D259DDB682F50AA8B104BEF719CC3B4335CC220AE1CF45
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$."g..............0......>......J.... ........@.. .......................`............@................................
              Icon Hash:0f6dce92c6cc330e
              Entrypoint:0x4cff4a
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x6722EF24 [Thu Oct 31 02:44:52 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcfef8 | 0x4f | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd0000 | 0x3b84 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xcdf90 | 0xce000 | ff1833a2fef5455c12f9d9b40968dccd | False | 0.8850405794902912 | data | 7.807275575545102 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0xd0000 | 0x3b84 | 0x3c00 | 6a9778460fe23d5ab993cb4d8e21ef72 | False | 0.9491536458333333 | data | 7.7899169743938685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xd4000 | 0xc | 0x200 | 6ea755322ca3e2d81b5833ad7dcaee97 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_ICON | 0xd00c8 | 0x3757 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9928001694077786
              RT_GROUP_ICON | 0xd3830 | 0x14 | data | | | 1.05
              RT_VERSION | 0xd3854 | 0x32c | data | | | 0.45320197044334976
              DLL | Import
              mscoree.dll | _CorExeMain
              No network behavior found

              Target ID:0
              Start time:12:29:07
              Start date:31/10/2024
              Path:C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
              Imagebase:0x980000
              File size:860'160 bytes
              MD5 hash:AF65821D2F5FE034CA3D446323919FC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:3
              Start time:12:29:26
              Start date:31/10/2024
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
              Imagebase:0xd90000
              File size:433'152 bytes
              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:4
              Start time:12:29:27
              Start date:31/10/2024
              Path:C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
              Imagebase:0xd30000
              File size:860'160 bytes
              MD5 hash:AF65821D2F5FE034CA3D446323919FC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
              Reputation:low
              Has exited:true

              Target ID:5
              Start time:12:29:27
              Start date:31/10/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff7699e0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:6
              Start time:12:29:31
              Start date:31/10/2024
              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Imagebase:0x7ff693ab0000
              File size:496'640 bytes
              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
              Has elevated privileges:true
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:11
              Start time:12:29:42
              Start date:31/10/2024
              Path:C:\Windows\SysWOW64\WerFault.exe
              Wow64 process (32bit):true
              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 200
              Imagebase:0xa70000
              File size:483'680 bytes
              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

                Execution Graph

                Execution Coverage:11.2%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:7.2%
                Total number of Nodes:181
                Total number of Limit Nodes:11

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1898481101.0000000009100000.00000040.00000800.00020000.00000000.sdmp, Offset: 09100000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9100000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                • API String ID: 0-1677660839
                • Opcode ID: c3e55489f319bc885cbb983f9dbedba47b4bd396fa370373c1dd69636718c783
                • Instruction ID: e8da572b0dfcb2e4ed1e3e1eb973eb66dce40af64d5c13b73a2780c4a3956a66
                • Opcode Fuzzy Hash: c3e55489f319bc885cbb983f9dbedba47b4bd396fa370373c1dd69636718c783
                • Instruction Fuzzy Hash: 55326C70F002189FDB54DFA8C8A57AEBBB2BFC8304F1481A9D049AB385DB759D45CB91

                Control-flow Graph

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DC452E
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: b9c74191ea1e1828b1ac92fae14346ee9b16ab33c1329ad98e84e2d30864e4b5
                • Instruction ID: 80e977278232493dbd17d5c88e32ae031e3f325314dd5e7daafe1a14c6537224
                • Opcode Fuzzy Hash: b9c74191ea1e1828b1ac92fae14346ee9b16ab33c1329ad98e84e2d30864e4b5
                • Instruction Fuzzy Hash: 0AA15A71D0061A9FEF50CFA8C8507EDBBF2BF48324F1485A9E849A7244DB749985CF91

                Control-flow Graph

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DC452E
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 04f4045c7eff153ff5b95062539f9d981dc53fae68c11c01f45f983de4e46c01
                • Instruction ID: a51a92a1e7b42a9115ba8a29325cd4683d466d670d0f664a737c27168e6f3495
                • Opcode Fuzzy Hash: 04f4045c7eff153ff5b95062539f9d981dc53fae68c11c01f45f983de4e46c01
                • Instruction Fuzzy Hash: 2C915B71D0061A9FDB50CFA8C8507EDBBF2AF48324F1485A9E809A7244DB749985CF91

                Control-flow Graph

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 051CB13E
                Memory Dump Source
                • Source File: 00000000.00000002.1882106459.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_51c0000_SecuriteInfo.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 63bfca548f3e1cce7f20229c1711b5a2375ed62e12397d205b5cb163db2b6dc3
                • Instruction ID: b0e0bcb881d664abb3972a94629ddabbb48104bc8720e5e9d5b93111863126d3
                • Opcode Fuzzy Hash: 63bfca548f3e1cce7f20229c1711b5a2375ed62e12397d205b5cb163db2b6dc3
                • Instruction Fuzzy Hash: 758167B0A00B058FDB25DF69D05576ABBF2FF58304F008A6DD096D7A50D739E849CB90

                APIs
                • CreateActCtxA.KERNEL32(?), ref: 051C59A9
                Memory Dump Source
                • Source File: 00000000.00000002.1882106459.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_51c0000_SecuriteInfo.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 7aa6cca5d9f112dcb92497fa11790ff07d4b5e54a629aa3b62c5c039e0bb8e19
                • Instruction ID: b4fb24cb4ce5c43627c47dfe4c7fc2f736a6a95dc4795d4273d5772a45cc07cc
                • Opcode Fuzzy Hash: 7aa6cca5d9f112dcb92497fa11790ff07d4b5e54a629aa3b62c5c039e0bb8e19
                • Instruction Fuzzy Hash: C141E5B0C00719CFDB24DF9AC884B9DBBF6BF49304F20809AD409AB255DB75A945CF90

                APIs
                • CreateActCtxA.KERNEL32(?), ref: 051C59A9
                Memory Dump Source
                • Source File: 00000000.00000002.1882106459.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_51c0000_SecuriteInfo.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: eeef0aa768b5a4005725b2641bd5c3cec101ff44e221344badda90c4b71b0742
                • Instruction ID: aa982f03526150e1057d3a2f87837052b811f8c1508a096bc78f15ab81c661a3
                • Opcode Fuzzy Hash: eeef0aa768b5a4005725b2641bd5c3cec101ff44e221344badda90c4b71b0742
                • Instruction Fuzzy Hash: 9841E5B0C10619CFDB24CF99C884BCDBBF6BF49304F24809AD419AB255DB75A985CF90

                APIs
                • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 09100D5F
                Memory Dump Source
                • Source File: 00000000.00000002.1898481101.0000000009100000.00000040.00000800.00020000.00000000.sdmp, Offset: 09100000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9100000_SecuriteInfo.jbxd
                Similarity
                • API ID: CreateFromIconResource
                • String ID:
                • API String ID: 3668623891-0
                • Opcode ID: 06126ba4ea52a91907327033a7959ca1f66bedc110409cb27cb794157b9555c3
                • Instruction ID: ed897bb128526e24b44f230c050e88a0f9bb26d9ce19b891c65ccd75df815319
                • Opcode Fuzzy Hash: 06126ba4ea52a91907327033a7959ca1f66bedc110409cb27cb794157b9555c3
                • Instruction Fuzzy Hash: B4316972900258AFCB11DFA9D844AEEBFF8EF49310F14805AF954A7261C375E950DBA1

                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DC4100
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: 1e0db2fd62ea1b036df4e3328c14efd35f979fec821d5f305f8a53af6d9c67ab
                • Instruction ID: b2465f3af1f91e4f7a72bb62e0c5975f5ef1bea5461c480a865a18ed6ecf500a
                • Opcode Fuzzy Hash: 1e0db2fd62ea1b036df4e3328c14efd35f979fec821d5f305f8a53af6d9c67ab
                • Instruction Fuzzy Hash: 1B2137B1D003599FCB10CFA9C885BDEBBF1FF48320F10882AE559A7250C7789954CBA1

                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DC4100
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: ea398dae378fe9d32098933c774ba7134be950a1b8e63b4af85b67b9de4ddf3e
                • Instruction ID: dc3970fa956328a5a3ae4cb32da899e7f2b8b84e386bd082051eda27f02618c5
                • Opcode Fuzzy Hash: ea398dae378fe9d32098933c774ba7134be950a1b8e63b4af85b67b9de4ddf3e
                • Instruction Fuzzy Hash: 782127B1900359DFCB10CFA9C885BDEBBF5FF48320F108429E959A7250C7789954CBA5
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,051CD4A6,?,?,?,?,?), ref: 051CD567
                Memory Dump Source
                • Source File: 00000000.00000002.1882106459.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_51c0000_SecuriteInfo.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 065afb484ab902d09522e28368b4115e780e188b294ed0606196ca1bb90e65ca
                • Instruction ID: a7a3767492136fa73188edbd43c39e246f0a4843355678053b4ba29d166bb442
                • Opcode Fuzzy Hash: 065afb484ab902d09522e28368b4115e780e188b294ed0606196ca1bb90e65ca
                • Instruction Fuzzy Hash: E62103B5900258EFDB10CFAAD584AEEFFF4EB58314F10846AE914A7310C379A940CFA4
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DC3F56
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: a780af160b7df0feaf324fc9229670ca6cf542f054d2b77cb01d2b3586c86d73
                • Instruction ID: c3bf473dddac93de522e63f32103344984f60d50adaa4074afc5258343717871
                • Opcode Fuzzy Hash: a780af160b7df0feaf324fc9229670ca6cf542f054d2b77cb01d2b3586c86d73
                • Instruction Fuzzy Hash: 4E2137B1D002098FDB10DFAAC4857EEBBF4AB48324F10842AD459A7240C7789944CFA5
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DC3F56
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 85e25efee341547c9daab35bd92c138b1fdbf9f5cfc9c812589dc0a0c40222b1
                • Instruction ID: 49dec8cff1b73244dd345c8f76ef056676e2f86c36fdce2383b72c0fc50e1962
                • Opcode Fuzzy Hash: 85e25efee341547c9daab35bd92c138b1fdbf9f5cfc9c812589dc0a0c40222b1
                • Instruction Fuzzy Hash: 932134B1D002098FDB10DFAAC4857EEBBF4EB88324F10842AD459A7240CB789985CFA5
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DC41E0
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 17d2290b49ce33dd118569c07a831c6abc7c065ce7686ee3953790739743f425
                • Instruction ID: a49631b30daaec2c5b70c6039f86f1488e0cff872d1d5f56ad132b60bff43024
                • Opcode Fuzzy Hash: 17d2290b49ce33dd118569c07a831c6abc7c065ce7686ee3953790739743f425
                • Instruction Fuzzy Hash: 0D2125B1D002599FDB10DFAAC885AEEFBF5FF48320F10842AE559A7250C7389954CBA5
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,051CD4A6,?,?,?,?,?), ref: 051CD567
                Memory Dump Source
                • Source File: 00000000.00000002.1882106459.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_51c0000_SecuriteInfo.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 2949c289cc7bb831b103daf091af30344a8384b31beec71d66795a5642de7bb1
                • Instruction ID: 143bb2a0e06908a6ed1765e1633fe9a5d4547a34026fb634d39a3058cbf6392f
                • Opcode Fuzzy Hash: 2949c289cc7bb831b103daf091af30344a8384b31beec71d66795a5642de7bb1
                • Instruction Fuzzy Hash: E821E0B6D00258DFDB10CFA9D984AEEBBF4EB18324F14841AE958B3351D378A944CF60
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DC41E0
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: ab8002235b66d83cafcf3526f37610ec75f907f959717931bb710661e0309ea2
                • Instruction ID: 0e3959742a4bbbce2aaf6bfe57146ec3158fffa27dc66eefee3a7ed7b99d5c75
                • Opcode Fuzzy Hash: ab8002235b66d83cafcf3526f37610ec75f907f959717931bb710661e0309ea2
                • Instruction Fuzzy Hash: A82134B1D00259CFDB10CFA9D8407EEBBF1FF88320F10842AE559A7250C7389950CBA4
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DC401E
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 3fa88dc571998df4564f561094e4f31ab8591eb92c73f8e70714b93ad1a0a6cd
                • Instruction ID: 6ccfdd560b0a7fcb022303fdcb560ee428de2c26d7a8767fc6e494a8cf7c3579
                • Opcode Fuzzy Hash: 3fa88dc571998df4564f561094e4f31ab8591eb92c73f8e70714b93ad1a0a6cd
                • Instruction Fuzzy Hash: 011167719002498FCB20DFAAC844BDEBFF5EF88320F208419E519A7250C7399540CFA0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DC401E
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 2c8f36bc0739f2d8addeee2611b9082b55a277cc05117c8c82d4055f75a78dfa
                • Instruction ID: 9bb1928bac2fb16fc4c65a5a80685e1774935a2fd4df0aee39b0256090dfde85
                • Opcode Fuzzy Hash: 2c8f36bc0739f2d8addeee2611b9082b55a277cc05117c8c82d4055f75a78dfa
                • Instruction Fuzzy Hash: 511137719002499FCB20DFAAC845BDEBFF5EF88324F108419E559A7250C775A544CFA5
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: 61247c51808fdc6e92b2ea09ff721bf863cb2e8a1206ef9d531d14cb0b60dcf4
                • Instruction ID: b2b14a3addf1019e365b0ecf1f90be14e608d81214c6cf3410c4606d7d6e11c2
                • Opcode Fuzzy Hash: 61247c51808fdc6e92b2ea09ff721bf863cb2e8a1206ef9d531d14cb0b60dcf4
                • Instruction Fuzzy Hash: 0E1146B1900249CFDB20DFAAC4447EEFFF5AB89324F24881DD45AA7250C635A944CB95
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: 2d56a46870ce89a957f7b3952756003696ce32785f1526ab9d7da7eade750da7
                • Instruction ID: 5d2f7d3a03b0c7206233366a2c7cbedbb478219f9d50591257ae616635a726f1
                • Opcode Fuzzy Hash: 2d56a46870ce89a957f7b3952756003696ce32785f1526ab9d7da7eade750da7
                • Instruction Fuzzy Hash: 99116AB1D002498FCB10DFAAC4457DEFBF4EB88324F20841DC419A7240C734A944CFA5
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DC6E85
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: ceca3243437aa7a33b064e9bf9fbcc25be7a45451a60706b4c32a80ffa33541a
                • Instruction ID: 7d77e2a6a154f0f581ca4a942b28e5bb2345f3bf98496deb3fc1b5af37bc588f
                • Opcode Fuzzy Hash: ceca3243437aa7a33b064e9bf9fbcc25be7a45451a60706b4c32a80ffa33541a
                • Instruction Fuzzy Hash: 6E11F2B5800259DFDB10DF9AC885BEEBFF8EB58324F10841AE569A7600C379A545CFA1
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 051CB13E
                Memory Dump Source
                • Source File: 00000000.00000002.1882106459.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_51c0000_SecuriteInfo.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: a8e5f42c355c5489181703738da87ee12b5a42bbac1c06bb5cbfa09b6dc76cd0
                • Instruction ID: a2836dfaa92e78552e39e27105cf3e4d9bd57c9d9a8fa199815f894368515e8f
                • Opcode Fuzzy Hash: a8e5f42c355c5489181703738da87ee12b5a42bbac1c06bb5cbfa09b6dc76cd0
                • Instruction Fuzzy Hash: A21110B5C042498FDB10CF9AD844ADEFBF8AB88324F10846AD429B7210C379A545CFA1
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DC6E85
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: c2193c5634be6aebf9fb79791df551097253f10c07b6374b5503d2d578eb6600
                • Instruction ID: 5f70293bb24f589574c1d7918297b29873eb5a64dc455cfd4632bb350e6d6ab4
                • Opcode Fuzzy Hash: c2193c5634be6aebf9fb79791df551097253f10c07b6374b5503d2d578eb6600
                • Instruction Fuzzy Hash: F411F2B5800349DFDB10DF9AC885BDEBBF8EB58320F10841AE559A7200C375A984CFA1
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: +X'Y
                • API String ID: 0-4239053598
                • Opcode ID: 789c784d99d384789af91d516a9ecc900d97bd19538e818eb7b259d791de03c4
                • Instruction ID: 92a938ae435cf71219a18da19a8fd975d46d2f6b64046f2d63f0b20d78e42e9e
                • Opcode Fuzzy Hash: 789c784d99d384789af91d516a9ecc900d97bd19538e818eb7b259d791de03c4
                • Instruction Fuzzy Hash: DAE1F974E005198FDB54DFA9C980AAEFBF2BF89314F248169E415AB356D730AD41CFA0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1896622574.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6dc0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: +X'Y
                • API String ID: 0-4239053598
                • Opcode ID: 1a357767bff3073e5c13fed519e919442a4f7b48cd63933c1ce655171ffe710f
                • Instruction ID: 54f44e4c83da9bbc579590d45c4162d1ac13f51f9e0eb43c78bc6b97bb83c4d3
                • Opcode Fuzzy Hash: 1a357767bff3073e5c13fed519e919442a4f7b48cd63933c1ce655171ffe710f
                • Instruction Fuzzy Hash: 74513E74E042598FCB14CFA9C9409AEFBF2BF89304F1481AAD458A7356D7315D42CFA1
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 993916bef150b8003808232049b8293d098ee51008cbd1e0b3d4a0c65fe01ce7
                • Instruction ID: 1defa98c7743954da2c926204cd9ddf78910f85ccf8f2c3f9fb1922a2ca898ea
                • Opcode Fuzzy Hash: 993916bef150b8003808232049b8293d098ee51008cbd1e0b3d4a0c65fe01ce7
                • Instruction Fuzzy Hash: A8519175E002199FDB08DFEAD8946EEFBB6BF88300F10C02AE419AB254DB755906CF40
                Memory Dump Source
                • Source File: 00000000.00000002.1898481101.0000000009100000.00000040.00000800.00020000.00000000.sdmp, Offset: 09100000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9100000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 79cb50eee2d9d17dd244c7676f06b33ed22902e70a6ab695902030cf457a55e4
                • Instruction ID: cf834c3a9ae249477fa2a63e2ab9cdb03f307e4a838077af3dd251f907b3a9c0
                • Opcode Fuzzy Hash: 79cb50eee2d9d17dd244c7676f06b33ed22902e70a6ab695902030cf457a55e4
                • Instruction Fuzzy Hash: FD5183B5E006188FDB08DFAAD99469EFBF2BF88310F14C16AE419AB354DB745942CF40
                Memory Dump Source
                • Source File: 00000000.00000002.1898481101.0000000009100000.00000040.00000800.00020000.00000000.sdmp, Offset: 09100000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9100000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e219983181e1da909df8bbc36976de242f6c27a987ef5e14faf56a50eaac3b33
                • Instruction ID: 18d58b68ad94e115da853a61dfc6ab8baf382d95be19a704f660333b87fdd13f
                • Opcode Fuzzy Hash: e219983181e1da909df8bbc36976de242f6c27a987ef5e14faf56a50eaac3b33
                • Instruction Fuzzy Hash: 5641A2B1E046199FDB08DFEAD8956DEFBF2AF88300F14C02AE418AB254DB745946CF40

                Execution Graph

                Execution Coverage:0.6%
                Dynamic/Decrypted Code Coverage:6.5%
                Signature Coverage:6.5%
                Total number of Nodes:62
                Total number of Limit Nodes:5

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 28 42c923-42c95c call 4048c3 call 42db73 NtClose
                APIs
                • NtClose.NTDLL(00424D04,?,00000000,?,?,00424D04,?,0000A9D9), ref: 0042C957
                Memory Dump Source
                • Source File: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 6b3b3c426d2163172bf3aa156b19c735216ea530695cccb968454dd5543b0e58
                • Instruction ID: eb0b2d780336f930fed0978dcc95a9ae672d0310119330f723e2138eb72c8308
                • Opcode Fuzzy Hash: 6b3b3c426d2163172bf3aa156b19c735216ea530695cccb968454dd5543b0e58
                • Instruction Fuzzy Hash: 8CE086762442547BD610FA5AEC01FD7B75CDFC5714F00841AFB1867281C670790187F4

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 37 1842df0-1842dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: b4babc0dda2c32d0690a01d11e195e946cbb70180919b812413d3967ef09ca47
                • Instruction ID: 8b2a465b3071ceb2ca8f11c589425ca2738e131e162cb431cd8e2105e6e03cb1
                • Opcode Fuzzy Hash: b4babc0dda2c32d0690a01d11e195e946cbb70180919b812413d3967ef09ca47
                • Instruction Fuzzy Hash: FF90023120140417D252715945047070409D7D1341F95C413B5428558DD6568B56A622

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 18 42cc53-42cc97 call 4048c3 call 42db73 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(00000104,?,00424D0F,?,?,00424D0F,?,00000104,?,0000A9D9), ref: 0042CC92
                Memory Dump Source
                • Source File: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: bb5c96e3ea438c1fafeff01b23d45c62e3cc3c0529c70b6fc417dd3fb41a58ed
                • Instruction ID: aa9b478c3da0df445d5dcc445698a16d9d1f36480510528e8c0c2af08e0909bf
                • Opcode Fuzzy Hash: bb5c96e3ea438c1fafeff01b23d45c62e3cc3c0529c70b6fc417dd3fb41a58ed
                • Instruction Fuzzy Hash: 22E06DB62012087BD610EE59EC41F9B37ACDFC4714F008519F908A7241C670B91186B8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 23 42cca3-42cce7 call 4048c3 call 42db73 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF44D89,00000007,00000000,00000004,00000000,004172B7,000000F4), ref: 0042CCE2
                Memory Dump Source
                • Source File: 00000004.00000002.2454612791.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 9eacc333c94ce17935b362aed0592d509582fb615880c6b4ab5fa556899083e8
                • Instruction ID: fc3be202ab7a517368a152a3b01141b25cd9884c49f369d9f31264280699155c
                • Opcode Fuzzy Hash: 9eacc333c94ce17935b362aed0592d509582fb615880c6b4ab5fa556899083e8
                • Instruction Fuzzy Hash: D1E092B67102087FD610EE59DC41FEB37ACEFC5714F004419FA08A7241C670B91187B9

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 33 1842c0a-1842c0f 34 1842c11-1842c18 33->34 35 1842c1f-1842c26 LdrInitializeThunk 33->35
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 510223f9b684263e23cff47cb3a62f0273c34362a4d0a0e50aaf7bc620a89aec
                • Instruction ID: f63c336f628adabc7766a7891f16d9a29cf4172be41f5933b5ba880c2356e11a
                • Opcode Fuzzy Hash: 510223f9b684263e23cff47cb3a62f0273c34362a4d0a0e50aaf7bc620a89aec
                • Instruction Fuzzy Hash: FAB09B719055C5CADB52E76456087177D01B7D1701F15C062F3034641F4778C2D5E676
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: 18e644847a58b5706c89d0af11a18b2afdd5ac5e8aaa6f3194466662fc16a83c
                • Instruction ID: 3a9b0cc0427d0df2a14293f6f5d242b8b8a7194cd92d474c90adc91f8f135f08
                • Opcode Fuzzy Hash: 18e644847a58b5706c89d0af11a18b2afdd5ac5e8aaa6f3194466662fc16a83c
                • Instruction Fuzzy Hash: 7E929E71608746AFE721EE18C880F6BBBEABF84714F04491DFA94D7251D770EA44CB92
                Strings
                • Thread is in a state in which it cannot own a critical section, xrefs: 01875543
                • double initialized or corrupted critical section, xrefs: 01875508
                • corrupted critical section, xrefs: 018754C2
                • 8, xrefs: 018752E3
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754CE
                • Thread identifier, xrefs: 0187553A
                • Invalid debug info address of this critical section, xrefs: 018754B6
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0187540A, 01875496, 01875519
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754E2
                • Critical section debug info address, xrefs: 0187541F, 0187552E
                • undeleted critical section in freed memory, xrefs: 0187542B
                • Critical section address, xrefs: 01875425, 018754BC, 01875534
                • Critical section address., xrefs: 01875502
                • Address of the debug info found in the active list., xrefs: 018754AE, 018754FA
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: 15d2795863d36c00180f773a96c4fa5aad9387f44a49c1add55e36465a96a638
                • Instruction ID: 2a64b600bfecb6cb10e453c75b3711a886c9e7cfd89062f14c4d945452d5e545
                • Opcode Fuzzy Hash: 15d2795863d36c00180f773a96c4fa5aad9387f44a49c1add55e36465a96a638
                • Instruction Fuzzy Hash: D5818AB1A00358AFDB20CF99C888BAEBBF5FB49704F244119F504F7290D775AA40CBA1
                Strings
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0187261F
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01872498
                • @, xrefs: 0187259B
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01872602
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018724C0
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01872412
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018722E4
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018725EB
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01872506
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01872409
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01872624
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                • Opcode ID: 6658687bd448ec4ed070cd630c34b583261879bc04b5175e1e5fe6e92cb34757
                • Instruction ID: 1fcff6de5e3dc45206aea32cd901f1b5a19f023bf95e1bdd9f590786cd41b9fa
                • Opcode Fuzzy Hash: 6658687bd448ec4ed070cd630c34b583261879bc04b5175e1e5fe6e92cb34757
                • Instruction Fuzzy Hash: B5025EF1D002299BDB31DB58CC80B9AB7B9AF54314F0441EAA709E7241EB709F85CF99
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                • Opcode ID: 5ddb97e52f3772710528a89382de8eb2abefe6c2ec9b41822bf8508372b97659
                • Instruction ID: 39e838fb673d6d672de22f6b4c706f95462bfa113cfb183e21c77aaef7ec4efc
                • Opcode Fuzzy Hash: 5ddb97e52f3772710528a89382de8eb2abefe6c2ec9b41822bf8508372b97659
                • Instruction Fuzzy Hash: 5351D4715043199BE329DF188844BABBBE8FF95345F94492DEA98C3241E770D704CBE2
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: 7ef7f6a00d67fe89e056131a48dd82c59f619a4670aa4183f7d243ebee1cf1d0
                • Instruction ID: 859cb674908ac2eef1143725e93dc3c5a07eec04c7b365b4ae0a32049fd2cf57
                • Opcode Fuzzy Hash: 7ef7f6a00d67fe89e056131a48dd82c59f619a4670aa4183f7d243ebee1cf1d0
                • Instruction Fuzzy Hash: 18D1973150068ADFDB26DF68C494AAAFBB1FF4A714F18805DE545DB752C734AA81CB10
                Strings
                • VerifierDlls, xrefs: 01888CBD
                • VerifierDebug, xrefs: 01888CA5
                • VerifierFlags, xrefs: 01888C50
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01888A67
                • AVRF: -*- final list of providers -*- , xrefs: 01888B8F
                • HandleTraces, xrefs: 01888C8F
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01888A3D
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                • Opcode ID: 52baa7fbf636d9f1e571b2e1a22acdc8ee63a85da69bd3dc034b89ff6fd6a329
                • Instruction ID: 86d167db8fb8a742154ef48f61797d69bf41cca6811139c61f135857116ca555
                • Opcode Fuzzy Hash: 52baa7fbf636d9f1e571b2e1a22acdc8ee63a85da69bd3dc034b89ff6fd6a329
                • Instruction Fuzzy Hash: 7C912571A41716AFD721FF2C8880F2ABBE5AB95B14F84051CFA45EB285D7309F05CB92
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                • Opcode ID: 32f246818066da27cee826ba8e307de05f091c164f34eea90c284c00c3bb4561
                • Instruction ID: c07c390a3c6dfbf29324c0bca05efaa3398fec3e888a216040f036157caa9eaf
                • Opcode Fuzzy Hash: 32f246818066da27cee826ba8e307de05f091c164f34eea90c284c00c3bb4561
                • Instruction Fuzzy Hash: 30A21874A0562E8BDBA5DF18CD887AEBBB5AF45304F1482D9D909E7291DB319F81CF00
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: 997da582d42541fd5fe7daefee38791df5e6c21fa84a46ffae9a9d1c26542179
                • Instruction ID: 22d797bdd79ad271d2752c5e256f1535f2b1e9727251a7407f52030bd7f64da2
                • Opcode Fuzzy Hash: 997da582d42541fd5fe7daefee38791df5e6c21fa84a46ffae9a9d1c26542179
                • Instruction Fuzzy Hash: 33910A70F01715ABDB25EF5CE884BA97BA5BB51B14F28012CEA10E7281EB74DB41CBD1
                Strings
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018599ED
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01859A01
                • minkernel\ntdll\ldrinit.c, xrefs: 01859A11, 01859A3A
                • LdrpInitShimEngine, xrefs: 018599F4, 01859A07, 01859A30
                • apphelp.dll, xrefs: 017F6496
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01859A2A
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: 3a26ec920a85d67e0edab3fa2f58c758e4bd28a4188def1d11949dd71d168511
                • Instruction ID: 45abd722557eac7fb01146992cf59eea35ddbec73e6a168bd292d6d2ef480730
                • Opcode Fuzzy Hash: 3a26ec920a85d67e0edab3fa2f58c758e4bd28a4188def1d11949dd71d168511
                • Instruction Fuzzy Hash: 1E519071608305DFE721DB28C855F6BB7E8EB84748F10092DFA85D7265E730EA04CBA2
                Strings
                • LdrpInitializeImportRedirection, xrefs: 01878177, 018781EB
                • LdrpInitializeProcess, xrefs: 0183C6C4
                • Loading import redirection DLL: '%wZ', xrefs: 01878170
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 018781E5
                • minkernel\ntdll\ldrinit.c, xrefs: 0183C6C3
                • minkernel\ntdll\ldrredirect.c, xrefs: 01878181, 018781F5
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                • Opcode ID: ab7bdef67fcc2446a21b40c06621977c543f94fe63384422df6d185b123eb3a7
                • Instruction ID: eac7775799f442356901d87fcd6e340a5ed83366a1140dbbe6d523d3a1e04860
                • Opcode Fuzzy Hash: ab7bdef67fcc2446a21b40c06621977c543f94fe63384422df6d185b123eb3a7
                • Instruction Fuzzy Hash: 0931E4B16487469BC224EB2CD949E1AB7E5EF94B14F04056CF941EB291EB60EE04C7A3
                Strings
                • SXS: %s() passed the empty activation context, xrefs: 01872165
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01872180
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01872178
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0187219F
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018721BF
                • RtlGetAssemblyStorageRoot, xrefs: 01872160, 0187219A, 018721BA
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: d741695dd3569e4fa90a579681ae9a34670d743557c2248cea26c83e55b5e217
                • Instruction ID: 0c5558b9b4a636f655bbaec76e29c9edd269b3d80c883b280f07c69135124833
                • Opcode Fuzzy Hash: d741695dd3569e4fa90a579681ae9a34670d743557c2248cea26c83e55b5e217
                • Instruction Fuzzy Hash: 21313776B4021577EB229A999C55F5BBBBAFBA4B94F094059BB04E7200D270EF00C3E1
                APIs
                  • Part of subcall function 01842DF0: LdrInitializeThunk.NTDLL ref: 01842DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D74
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                • Opcode ID: 32800993097451122569fffc98408aec1d88b75f5c3d6f37f5c097b8e5a27930
                • Instruction ID: 324b1e80f3a4aff40e999eb9bd6048cff68b38e902d3430c91963f6fdbba510a
                • Opcode Fuzzy Hash: 32800993097451122569fffc98408aec1d88b75f5c3d6f37f5c097b8e5a27930
                • Instruction Fuzzy Hash: 9D423A75900719DFDB21CF68C880BAAB7F5BF44314F1445A9EA89DB241EB70EA84CF61
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                Strings
                • LdrpInitializeProcess, xrefs: 01838422
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0183855E
                • @, xrefs: 01838591
                • minkernel\ntdll\ldrinit.c, xrefs: 01838421
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                Strings
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018722B6
                • SXS: %s() passed the empty activation context, xrefs: 018721DE
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018721D9, 018722B1
                • .Local, xrefs: 018328D8
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                Strings
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01873456
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0187342A
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01873437
                • RtlDeactivateActivationContext, xrefs: 01873425, 01873432, 01873451
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                • API String ID: 0-1245972979
                Strings
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018610AE
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01861028
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01860FE5
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0186106B
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                Strings
                • LdrpDynamicShimModule, xrefs: 0186A998
                • minkernel\ntdll\ldrinit.c, xrefs: 0186A9A2
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0186A992
                • apphelp.dll, xrefs: 01822462
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                Strings
                • HEAP: , xrefs: 01813264
                • HEAP[%wZ]: , xrefs: 01813255
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0181327D
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-617086771
                Strings
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                Strings
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                Strings
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                Strings
                • LdrpCheckModule, xrefs: 0186A117
                • Failed to allocated memory for shimmed module list, xrefs: 0186A10F
                • minkernel\ntdll\ldrinit.c, xrefs: 0186A121
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                Strings
                • Failed to reallocate the system dirs string !, xrefs: 018782D7
                • minkernel\ntdll\ldrinit.c, xrefs: 018782E8
                • LdrpInitializePerUserWindowsDirectory, xrefs: 018782DE
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                Strings
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 018BC1C5
                • PreferredUILanguages, xrefs: 018BC212
                • @, xrefs: 018BC1F1
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                Strings
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                Strings
                • minkernel\ntdll\ldrredirect.c, xrefs: 01884899
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01884888
                • LdrpCheckRedirection, xrefs: 0188488F
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                Strings
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 01882104
                • LdrpInitializationFailure, xrefs: 018820FA
                • Process initialization failed with status 0x%08lx, xrefs: 018820F3
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                APIs
                Strings
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                Strings
                • LdrResSearchResource Exit, xrefs: 0180AA25
                • LdrResSearchResource Enter, xrefs: 0180AA13
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                Strings
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                Strings
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                Strings
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0180063D
                • kLsE, xrefs: 01800540
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 0180A309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 0180A2FB
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                Strings
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                Strings
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                Strings
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                Strings
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                Strings
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                Strings
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                Strings
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                Strings
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0188895E
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a646f1fd4a61d202f9329118e43fe79ade0c4f8e72ec18893bb43681874b23c
                • Instruction ID: c7121d640282225335309f0e21e63dd67d24c3f4492382b8f67300e9add1dc79
                • Opcode Fuzzy Hash: 9a646f1fd4a61d202f9329118e43fe79ade0c4f8e72ec18893bb43681874b23c
                • Instruction Fuzzy Hash: 8841BC369002199BDB15DF98C440AEEBBB5BF88714F19826AF819F7340E7349E41CBA5
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d52986ed9f3dfd18dafe18436a9c3e08c8fe213d05f96b8505aa4ee61b645290
                • Instruction ID: fe86b6468034a6c5e8c3a97b40280f305d0f75d41528036183ad82566e67bab1
                • Opcode Fuzzy Hash: d52986ed9f3dfd18dafe18436a9c3e08c8fe213d05f96b8505aa4ee61b645290
                • Instruction Fuzzy Hash: A541D2722103059FD725EF6CC880A57B7EAFF98328F10492EE657C7215EB34EA848B55
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 8a1a98a87f62742a445cd2de2ee56e47a41b84a13ee01bc2eac159509957aedd
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: 6B514775A00219DFCB19CF98C480AAEF7B6FF84714F2881A9D915E7351D730EA82CB90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd5b373e4e6f1b6022305e84c750d7a3cc5ae0f74c99cc54ca76eeb4eae806c5
                • Instruction ID: 64f1849af70932adb9de2951c4f7dbe30a3552b6a2211e1bc930339b97e3cdc1
                • Opcode Fuzzy Hash: fd5b373e4e6f1b6022305e84c750d7a3cc5ae0f74c99cc54ca76eeb4eae806c5
                • Instruction Fuzzy Hash: F451077090020BDBDB66CB28CC00BA8BBB5FF11314F2442A9E525D72C5E7345B91CF45
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0fc248ab343df0457e1ad3ce41ec2b3deb27929d0f65f537e8dd26f80249359c
                • Instruction ID: 23342c7d8cc3c561609ec7f5432e3ffcada95b74e3aaffb8c5ebf8911554ef0a
                • Opcode Fuzzy Hash: 0fc248ab343df0457e1ad3ce41ec2b3deb27929d0f65f537e8dd26f80249359c
                • Instruction Fuzzy Hash: 0D415E35A0022D9BDB62DF6CCD40BEAB7B9EF45750F0100A5E948EB281D6749F84CB92
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 1a2cc9afc562d1d77fa53d5e7685e7c2e86af7e1f8a6b322ed1d2569f5b4f36b
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: 5E417475B40105ABEB15DB99CC84AAFBBBAAF89B10F14806DE905E7341DB74DF0187A0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e555340c50e54e1f280741427bf35962a18c0d0cf10ae35caf4a23ebc36a30f9
                • Instruction ID: 67eefe80efc6d678fb435df5d096a599b6b21dcf81c307735a24f3339b94ffa8
                • Opcode Fuzzy Hash: e555340c50e54e1f280741427bf35962a18c0d0cf10ae35caf4a23ebc36a30f9
                • Instruction Fuzzy Hash: B041B0716007099FE366CF28CC80A22B7F9FF49354B104A6EE547C6A91E730EA45CB91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5bd890f0b16ae012d5b0b8fcf428d1f23174056b976cb9b7726cfbeb0a56db39
                • Instruction ID: 209fc46dfbc63ac349f248029ca3aac7736a0d8f5c02b50a1b9cbc66abe802e6
                • Opcode Fuzzy Hash: 5bd890f0b16ae012d5b0b8fcf428d1f23174056b976cb9b7726cfbeb0a56db39
                • Instruction Fuzzy Hash: 4741AC32940629CFDB2ADFA8C984BAA7BB5FF14314F14015AE411E7695DB349B80CFA0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6815f9a2a3421699daddc72e5676f68b0772c686a3dfe3d3b1eff99088af790a
                • Instruction ID: 33bc181c7355f7db8eba9d6eb1cec601ed47ca9b93bffae2c25be8163aeecd38
                • Opcode Fuzzy Hash: 6815f9a2a3421699daddc72e5676f68b0772c686a3dfe3d3b1eff99088af790a
                • Instruction Fuzzy Hash: 4B41F332D0020ACBD7669F4CC880A6BBBB6FB96704F14812ED905DB295C7359B81CF90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba126b95cda2b9e53047e9776a3dcadaca9a90a504e4624abc9c228d1ff54123
                • Instruction ID: bf89dd628efe969e371c7b67cc2c00dcc1c5997af0a510d44688198bd32b72d6
                • Opcode Fuzzy Hash: ba126b95cda2b9e53047e9776a3dcadaca9a90a504e4624abc9c228d1ff54123
                • Instruction Fuzzy Hash: 374128725083169FD312DF698840A6BF7E9EF88B54F40092EFA84D7250E730DE458BA3
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: 71ed6a15bad6baa4d6f91f3ea4b6d83c331ad6e8e934d52b50c462aba193efe9
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: 80413931A00215EBDB21DE2894447BBFB72EFA0754F15806EEE49DB344E6368E80CB90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d80906eccd9d0744b762d255277d1ca9caa2574f27fb7de91730944f90fda57c
                • Instruction ID: 474846c45a222cf07ff1dad92baddd5fd1b8ac3ddac62940a6ea4b9183763d4d
                • Opcode Fuzzy Hash: d80906eccd9d0744b762d255277d1ca9caa2574f27fb7de91730944f90fda57c
                • Instruction Fuzzy Hash: E9418E71600709EFD362DF18C840B26BBF5FF54354F20866AE449CB291E770EA41CB91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: 5a208b1ae0f0ee1cd251b19e7953758ed6591bb4d4463a835590bcaf13b19ab6
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: 63413871A00609EFDB25CF98C980AAABBF9FF58704B14496DE556DB251D330EA44CF90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: becc3c02a5228aacad308388bead1d9e4bc12906159e988781e5283788e1d427
                • Instruction ID: ededa6bb355c8fffaab1bf9c1ba6f3955baee0e4cd6633fd2d6e1b6dc11fc67b
                • Opcode Fuzzy Hash: becc3c02a5228aacad308388bead1d9e4bc12906159e988781e5283788e1d427
                • Instruction Fuzzy Hash: 6D418C71901709DFCBA2EF28CD44A65B7B2FF44314F24826DC916DB2A1EB70AB41CB52
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e460855634da394127c07211ca01255cdc24650a56f6027443222dcdbbf8cb6
                • Instruction ID: 94e087be24b7f3fa309f4faded1594a10a9e6525cecf099ac66280cdd1fbb0f5
                • Opcode Fuzzy Hash: 5e460855634da394127c07211ca01255cdc24650a56f6027443222dcdbbf8cb6
                • Instruction Fuzzy Hash: 5A3199B2A00345DFDB11CF68C040B99BBF0FB49724F2581AED519EB251D3769A02CF90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a178f04b11f6a711cdc35b8caf9b55f5a576a447cb2467c6f7a031feda50e48f
                • Instruction ID: 840124fc6e4bfd73ccab0cb86591177c7dd3ab0444b2fae14305f562b3f752b7
                • Opcode Fuzzy Hash: a178f04b11f6a711cdc35b8caf9b55f5a576a447cb2467c6f7a031feda50e48f
                • Instruction Fuzzy Hash: A7418DB15183059FD320EF29C845B9BBBE8FF88754F004A2EF598D7251DB709A44CB92
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cab8f8121228823466f0357241bfce6f6ef55a2f956f522f16b30ea99c6bb778
                • Instruction ID: 594a4fc694d89993cccb389d43f9484c27d829e08b0fef180718edb66c6d460b
                • Opcode Fuzzy Hash: cab8f8121228823466f0357241bfce6f6ef55a2f956f522f16b30ea99c6bb778
                • Instruction Fuzzy Hash: A341D071A0561AAFDB01DF58C8806AAF7B1FB14760F24832DEA15A7380DB30ED418B92
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ae30bd78418ba7af123080e6b15459d4d229fe394423e67675018a9b5bb7728
                • Instruction ID: c6dc899456f08a9b99d110ac811d138804dbbf32deeeb720855be8283f5b4976
                • Opcode Fuzzy Hash: 4ae30bd78418ba7af123080e6b15459d4d229fe394423e67675018a9b5bb7728
                • Instruction Fuzzy Hash: D041A2726087469FD320EF6CC840A6AB7E9FFC8704F144619F994D7680E730EA09C7A6
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02b5d9a0b174f0afe2bdad0e74c626aade8d29459e4d8a288238aaeb3642091e
                • Instruction ID: a5cc6b22496805f1b9963d6e8dc4fe3ecf712370a9ab593c21aa8e3671eaa058
                • Opcode Fuzzy Hash: 02b5d9a0b174f0afe2bdad0e74c626aade8d29459e4d8a288238aaeb3642091e
                • Instruction Fuzzy Hash: A24191716443098FD766DF1CDC84B26BBAAAF80354F14457DE645C72E1D730DA41CB51
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 980e8724d0535b4c0233d5c425c541f5bc9bfaf31002a9df6257b48f00374fdd
                • Instruction ID: dfc959cd6adf0d375165bf472cbeb96cfcd547553d81d876a0774bc2c5079024
                • Opcode Fuzzy Hash: 980e8724d0535b4c0233d5c425c541f5bc9bfaf31002a9df6257b48f00374fdd
                • Instruction Fuzzy Hash: F1416D71A01609DFCB15CF69C980A9EF7F2FF98320B1486AED666E7390DB349941CB41
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: f6c25ac77bc0ee426caa4046d7c7c4364db400f6b3f3687b98a6f68b53ce81ec
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: FD311832A04248AFDB228B6CCC40B9FBFEDAF14354F044565F855D739AC6749A84CBA1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eba3d89ee8150931152e5d65ffc13a51ad25a1b1c553cd7c565c175fdb22c3ca
                • Instruction ID: f2019904e37eafffa0b57b059864731e70758578bbd8acc658aefd020d3bf51d
                • Opcode Fuzzy Hash: eba3d89ee8150931152e5d65ffc13a51ad25a1b1c553cd7c565c175fdb22c3ca
                • Instruction Fuzzy Hash: 0731BC35741716ABE7229F598C81FAB76FCAF59B50F400428FA00EB291DAA4DE01C7D1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 48512530463702a05da66cffb8e762abeda625857b99c3e2224ed55845aa5257
                • Instruction ID: 7d929c25758a559527d2c68ea375e2fa0e17ddb0653edbe4c3330e62800ab07d
                • Opcode Fuzzy Hash: 48512530463702a05da66cffb8e762abeda625857b99c3e2224ed55845aa5257
                • Instruction Fuzzy Hash: A5318E326052018FC321DF1DD8D1EA6B7E6FB84760F29446DE996CB356EB31AA40CF91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7901c952d4d1f383a7a847ca6851e48691d17c1658b32fe67dd32fee3117d681
                • Instruction ID: 91b84fe26c94869200a638259e9f3a02ecaed66ec54a4bf14b15f5ee3e9467d9
                • Opcode Fuzzy Hash: 7901c952d4d1f383a7a847ca6851e48691d17c1658b32fe67dd32fee3117d681
                • Instruction Fuzzy Hash: 8241BE71200B499FC763CF68C880F96BBE9AF45714F11882DE699CB390C734EA04CB50
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8f872cbd6ac8b42ac64ab2cfdd144c8031196baa0ebf438432647302c15bbfa
                • Instruction ID: 4bed1b94a0a76fc47ac860e9767e21e49b010f604e81c7f00ecaa1c5da3fc4d2
                • Opcode Fuzzy Hash: f8f872cbd6ac8b42ac64ab2cfdd144c8031196baa0ebf438432647302c15bbfa
                • Instruction Fuzzy Hash: BD317E716042018FD320DF28C8D1EAAB7E5FB84B10F19456DF996DB396E730EA04CB92
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d75d6e5ff732442e4abfa0bff5552354857cc722f65a389a12c83b0d11eeea7
                • Instruction ID: f866d108f460ad35062c6aa8b339e0bc2c5466c9ab01840ccaf8f6f5cc3aed35
                • Opcode Fuzzy Hash: 4d75d6e5ff732442e4abfa0bff5552354857cc722f65a389a12c83b0d11eeea7
                • Instruction Fuzzy Hash: 9C31D1323016869BF326976CCE48B257FD9BB51B44F1D00E0AF85EB6D2DB28DA41C231
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b59c5d7356a8e04f7404bc26dfb2c3b943d5f64a6e99340e271aca5cc8011c17
                • Instruction ID: 686a390b3f6e7387c7f7b9efe84a63a2f462a19d6e272efcfa350570d6bc54d4
                • Opcode Fuzzy Hash: b59c5d7356a8e04f7404bc26dfb2c3b943d5f64a6e99340e271aca5cc8011c17
                • Instruction Fuzzy Hash: 1E319276A0015AABDB15DF98C840FAEB7B6EB48B40F554169E900EB344E770EE41CB94
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4a8d71f21a3c4d11d0f36f1f43dd2a7e5e2db7426155d06d737d73f23d555a0
                • Instruction ID: 68c9cbd8e6677cf3fb59429f8055593c61eeb455b4a99c2d7e9b57eb39e02219
                • Opcode Fuzzy Hash: d4a8d71f21a3c4d11d0f36f1f43dd2a7e5e2db7426155d06d737d73f23d555a0
                • Instruction Fuzzy Hash: 28315576A4112DABDF21DF58DC44BDEBBB9AB98310F1800A5A508E7260DB70DF918F91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cee64466b2c22ee4475540f9a0851e61d13c1f40c88dfb552fa1e076fda3ec7
                • Instruction ID: bd07f52f406440d20e70e0ad9c851a97053a9fb720fddd8e3edb60565feb21df
                • Opcode Fuzzy Hash: 3cee64466b2c22ee4475540f9a0851e61d13c1f40c88dfb552fa1e076fda3ec7
                • Instruction Fuzzy Hash: FF31C772E00229AFDB22DFADCC40AAEBBF9EF58750F114425E915E7250D6709F408BA5
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db69dc7b5f8886334202a3260152f6f7a4952192c3d79d5347f9d1c1626b9300
                • Instruction ID: 2d9ff91305990e09682fd732953c73ba1422bc555c794287b0807bfbe0a60544
                • Opcode Fuzzy Hash: db69dc7b5f8886334202a3260152f6f7a4952192c3d79d5347f9d1c1626b9300
                • Instruction Fuzzy Hash: A831D872600A06EFD7129F5DC890B6A77B9AF94B54F20407EE505EB342EA30DF018B91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2073290d70633e838a502545364864290bd24d4f2ebcd8dfdf04624e4443e5c3
                • Instruction ID: 490a841c976fcaf7c6f9a52a38bd33c8faf04576718cb0253aceeecbc42b0845
                • Opcode Fuzzy Hash: 2073290d70633e838a502545364864290bd24d4f2ebcd8dfdf04624e4443e5c3
                • Instruction Fuzzy Hash: F231AF72A0461A9BC753DE288C80A6BBBA5BB943A0F014529FD59D7391DA30DF1187E2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a5ee1d302a4c73d76d0b6eb8ab621c5f9989a3f69266b2d2a89765ed8a5f5aa
                • Instruction ID: 8e14669f1835454d99253958ff7043624aef5de7cb33b5d2df1fad4205b7feaa
                • Opcode Fuzzy Hash: 0a5ee1d302a4c73d76d0b6eb8ab621c5f9989a3f69266b2d2a89765ed8a5f5aa
                • Instruction Fuzzy Hash: 09319E71A093018FE761CF19C840B1ABBEAFB88700F0549ADF984D7391D771EA44CB92
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: 934c382b8d6d1617874aa4d387498140bd62812861a89fa833e44f7a60b7e0c1
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: C0312E72B04B01AFE765CF6DDD81B57BBF8AB48B50F18452DA5DAC3650E630EA008B90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0dea94fdde52f051d622b0d8a7082fc9c346fc5ac579d70ef876f7742d1a64cb
                • Instruction ID: 8cc970b11bb21e4b238509105682605149b779d73d51fe78da75d69657683479
                • Opcode Fuzzy Hash: 0dea94fdde52f051d622b0d8a7082fc9c346fc5ac579d70ef876f7742d1a64cb
                • Instruction Fuzzy Hash: ED317A715153028FCB11EF19C58095ABBF6FF89318F444AAEE588DB351E331AA44CB92
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b19f70a9fcf7b4bc5e3efad5442966f23773c278ef2ec2e2c65c9d81dec7f70
                • Instruction ID: a8ebc43b4140b7bf132e704d450ec801c4d5dbde28906e7e6dd2d037059d328c
                • Opcode Fuzzy Hash: 1b19f70a9fcf7b4bc5e3efad5442966f23773c278ef2ec2e2c65c9d81dec7f70
                • Instruction Fuzzy Hash: 5531F432B116159FD721DFA8C980E6EBBF9AF80308F108529D106D3255E730DF81CBA1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction ID: abd0c50a36f36d2a23c02331af114cddcee7b5b6e7807aab3a593bdfb834d42c
                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction Fuzzy Hash: 62210136E4025EAADB119BB98851BEFFBB9EF14740F0581799E15EB340E270CA00C7A0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6fe9cb915c7f8ee7770962ef2d691cd4f162b0d427146b4fc07ab423a0504f08
                • Instruction ID: 74dda1e0507eeebbc97949257edf7e2f19229ceae7fbbb352382ec113011ebea
                • Opcode Fuzzy Hash: 6fe9cb915c7f8ee7770962ef2d691cd4f162b0d427146b4fc07ab423a0504f08
                • Instruction Fuzzy Hash: D03129B25002018BDB71AF5CCC40BA977B4EF50314F5482A9DD45DB386EA349B82CBA1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: f880e310b61daa20beccb98b555599819289a62644f7c51e01f560236c3d768e
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: E6212D3A600A5677CB15AB9988C0AFBBFB4EF40710F40841AFA55C7751E739DB40C3A1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be4c330c339d2bb6d6f5bc98e51e22fbc68af573c6c8788cd3357c179dc3413e
                • Instruction ID: 2cea2628532c7f97caf0196ab72f5b903d5d698aa595f7c4395edc20b281806a
                • Opcode Fuzzy Hash: be4c330c339d2bb6d6f5bc98e51e22fbc68af573c6c8788cd3357c179dc3413e
                • Instruction Fuzzy Hash: CC31C432A0051C9BDB319F18CC41FEEB7B9AB15750F0200A9F745E72A0DA749E808F91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: 12dfdd773e712d4748a653fe83285e7216587e34567150b8597a3f21930956f6
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: 48217136A00609EBDB15CF58C980A8EBBB5FF88714F1480A9EE15DB241E671EF059B90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8912e681535670918d765cb1bc9f11f43970801575ce2c36d467b4bb16a15cf3
                • Instruction ID: 592dc512907959410f4b8569cab29623277be77f72eb09a77e1739844986caa3
                • Opcode Fuzzy Hash: 8912e681535670918d765cb1bc9f11f43970801575ce2c36d467b4bb16a15cf3
                • Instruction Fuzzy Hash: 09218172A047559BC722DF18C840B6B7BE4FF88760F054519FD55DB681D730EA018BE2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: 7ee46cdaace5dee588fd72bc49c4e8d3c17030efebfbc295ca88e2bc15fda99c
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: DA316931600605EFE721CB68C884F6AB7F9EF45354F1145A9EA52CB3A0EB34EE02CB51
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2775fc582c8f0532bf8aa18e3d731398a9de9ff5aea6d320b5f4b4d4da186dab
                • Instruction ID: c9ccd530f5eaf27e0ca137e8626ad4379d0e720581b34522e9f260d4227bf6d0
                • Opcode Fuzzy Hash: 2775fc582c8f0532bf8aa18e3d731398a9de9ff5aea6d320b5f4b4d4da186dab
                • Instruction Fuzzy Hash: 6C317C75A00209DFCB14DF1CC8849AEB7B6FF88314B254599E809DB3A1EB71EB50CB91
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c62c0accdff844aa0c19e17b32282d11ad4999d034a3acb1e707a25d7282464
                • Instruction ID: f892839d9e1887339d833b9f6bb8f388573df645a61449fbdbbab1d17454aabb
                • Opcode Fuzzy Hash: 3c62c0accdff844aa0c19e17b32282d11ad4999d034a3acb1e707a25d7282464
                • Instruction Fuzzy Hash: 2A2191769006299BCF10EF59C881ABEB7F8FF48740B554069F941E7244D739AE41CFA1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c928d7f3be6f00ad8413db6ed718b9ff55858aafe2784c52a257f2a6fb1dd551
                • Instruction ID: 00b000c129b93793f8fedbe4ea1514ac9d3c7d1c2d2beb5fb53e16885d7135e8
                • Opcode Fuzzy Hash: c928d7f3be6f00ad8413db6ed718b9ff55858aafe2784c52a257f2a6fb1dd551
                • Instruction Fuzzy Hash: BF21AE72600645AFD715EBACD840F6ABBB8FF58750F140069F904D7691D738EE40CBA9
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aef5c2abe0162159e3d11a3ae5a1a428a536da7dd5d88cd25cecd9973c72125f
                • Instruction ID: ca8af9a1a7ba90994eab9b41c11b8b898b0df4d0284b428cd225c2715e93e424
                • Opcode Fuzzy Hash: aef5c2abe0162159e3d11a3ae5a1a428a536da7dd5d88cd25cecd9973c72125f
                • Instruction Fuzzy Hash: 0A21D0729043469BD712EF5DC844B5BBBECAFA0350F080466BD80D7251D734CB08C7A2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d55cb0d49199aac7f1f556c0b2272f8069bbedb95205ba23bfd5bba648d80eae
                • Instruction ID: 47956b8ee7d01c42d8d255d1707f62a6c8d3ab45129c9cc992894101dcc88c80
                • Opcode Fuzzy Hash: d55cb0d49199aac7f1f556c0b2272f8069bbedb95205ba23bfd5bba648d80eae
                • Instruction Fuzzy Hash: 03213B32704695ABE327572C8C04B247B9AAF41B74F190364FA20FF6D2DBACCA41C211
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b50c9f0bc15d7456cf70dd92db0a313700b8863a70455d9e3628142415e7069
                • Instruction ID: 4e76ef872c3bb4216bbad6edd17bae5cc80485adb41360af05462d80f0a11b7c
                • Opcode Fuzzy Hash: 5b50c9f0bc15d7456cf70dd92db0a313700b8863a70455d9e3628142415e7069
                • Instruction Fuzzy Hash: CC217979211A019FC729DF29C901B56B7F5BF48B08F28846CA549CBB61E371EA42CF94
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1e787e58eb1810d064d52c8b81f6eb4f1186c385f4148b6b5b433a58a4baa67
                • Instruction ID: e5e34cd2da227efbb677b064ebd91da170e620a5521bd90f75906aae52e17b1e
                • Opcode Fuzzy Hash: e1e787e58eb1810d064d52c8b81f6eb4f1186c385f4148b6b5b433a58a4baa67
                • Instruction Fuzzy Hash: AD113A36380A157FE32656989C80FAB76D9DBD4B60F500028BB09CB380EB74EF008796
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 80534e2de0485d6e71392d6d7a5ebba9d252750c9f886faf7d8d24f2e77c24d0
                • Instruction ID: bf877fe93b8cfbca07af661cdd2c0f1070150e202c6414d46620ff51e0306ae7
                • Opcode Fuzzy Hash: 80534e2de0485d6e71392d6d7a5ebba9d252750c9f886faf7d8d24f2e77c24d0
                • Instruction Fuzzy Hash: 8121D6B1E00209ABCB20DFAAD8859AEFBF8FF98710F10012EE505E7340D6749A45CB55
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: 12198b6a663409d04758c44bda10e30f7559b4bf58ed8b8910b99ab9d098a01e
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: 6D218EB2A0020AEFDF129F98CC40BAEBBB9EF8A350F244419F900E7251D734DA509B50
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: d1841d0a04a5d4636b44d02a4450944dbdb7b0356dbbfc88458e882caf833e5a
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: D211D073600A05AFD722DA48C840F9EBBB8EB80754F140029F601CF190D671EE44DB95
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6d04685b9f54b5518342c8d7b18b795dc7a9eacc273ea998b8fae1a048563968
                • Instruction ID: ee95d43864a04ae2fca9a334293d137e8179335f759d029179137124161296b8
                • Opcode Fuzzy Hash: 6d04685b9f54b5518342c8d7b18b795dc7a9eacc273ea998b8fae1a048563968
                • Instruction Fuzzy Hash: E211E631B006199BDB92CF4DC8C0916BBE5EF4B710B18407DEE08CF249D6B1DB418B90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction ID: ba1386106d5226e91436d413469cd559257553ced71626bb1545b2352f50329f
                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction Fuzzy Hash: FC217972600A45DFD7299F49C540A66BBE6FBD4B10F18887DE98AC7610C731EE01CB80
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5247889877131029e46d26b94a0c15c61f2e21509cfbf6ee7e88561387fdb6e2
                • Instruction ID: 0a37727c089e662662cf1c83d9465aa2251ea21ba042bbcf6cd0e3381f73d338
                • Opcode Fuzzy Hash: 5247889877131029e46d26b94a0c15c61f2e21509cfbf6ee7e88561387fdb6e2
                • Instruction Fuzzy Hash: 62218E35A0060ADFCB15CF58C981A6EBBB5FF89318F20416DD105A7350C771AE46CBD0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c0f48988cc93bc160ca25e73491cd148b070a5d67160635e1a3e5d72dec486d
                • Instruction ID: bd64b72069c152c1315d42f0678c78dc0af56d4844e2d08d9582652c72bd22fa
                • Opcode Fuzzy Hash: 3c0f48988cc93bc160ca25e73491cd148b070a5d67160635e1a3e5d72dec486d
                • Instruction Fuzzy Hash: 7B218E75510A00EFD7218F6CC841F66B7F8FF84354F54892DE59AC7250EA30AA50CBA0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d05a13c71b83591407e34528f7456e2df7bc59efb349217a9184be9503e267e
                • Instruction ID: 93c3f2b1ab15aab6d8fd6056b5da7bbf8d22d67f0badab50c751b192e6e7844b
                • Opcode Fuzzy Hash: 7d05a13c71b83591407e34528f7456e2df7bc59efb349217a9184be9503e267e
                • Instruction Fuzzy Hash: 1F112F333001245FCB1ADB29DC91A6B729BEFD5374B35462DDA22CB254ED30DA41C795
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8646cc9320b715e9b63ec734a312410d52d6664845f543d87f3e8373c3c9f80
                • Instruction ID: 53d8791f8447c59ce682004efe16f9758655f0b87e3037423cfac50282842dba
                • Opcode Fuzzy Hash: d8646cc9320b715e9b63ec734a312410d52d6664845f543d87f3e8373c3c9f80
                • Instruction Fuzzy Hash: 6411C672240518EFCB22DB5DCD40F9ABBA8EF95B64F254025F606DF251EA70EA01CBD0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d755f2a1a2d97ce0f30f2aa320a846e0bfabb24605527ba7e276b2c67dfb7ee
                • Instruction ID: c9a4b3a78bfffcc01a6ff328c62851a313c6d19564e507d5d057a92e2e91d368
                • Opcode Fuzzy Hash: 1d755f2a1a2d97ce0f30f2aa320a846e0bfabb24605527ba7e276b2c67dfb7ee
                • Instruction Fuzzy Hash: D211BF76A01206ABCB26CF5DC580E5ABBE9ABC4750B698279D905DB315F630DF00CBE0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction ID: cf66756848549f90df2ab55d6b380fdcf1f7714c7cd31304be40ee36283c8167
                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction Fuzzy Hash: 78110436A00909AFDB19CB58C841B9DBBB5EF84710F058269EC55E7340E631FE01CB80
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction ID: c6578a06a1996affb0e314402bc1e348788c749d0ef088cf1828ba39dbc975eb
                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction Fuzzy Hash: 192106B5A00B099FD3A0CF29D440B52BBF4FB48B10F10492EE98AC7B50E771E914CB90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: b06401ec885b4729b7a65da48490105e70006192a9b36201f27a9e21187ed276
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: 0311C232A20609EFE721AF4DCC44B5EBBE5EF45754F058428EA19DB160DB71EE40DB90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 71633378730a8143fa800f85cc137b178f1c4070c4924e23c8dba9615e08d9d2
                • Instruction ID: 512930c3f0e0b04d9180e792a45e076a8987d24cba22fb5a4e572f9c5eb9c7bc
                • Opcode Fuzzy Hash: 71633378730a8143fa800f85cc137b178f1c4070c4924e23c8dba9615e08d9d2
                • Instruction Fuzzy Hash: E1014932305689AFE32BA66DDC84F277B8DEF90395F050075F900EB251DA58DE00C2B2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a141bb9ffaff96f2729c142624be58d5020222a710040e4518909d8144653c6
                • Instruction ID: 0f401c91a13d445b6e7df06c48e51adb50f83569ab0df6db82333348136e7257
                • Opcode Fuzzy Hash: 5a141bb9ffaff96f2729c142624be58d5020222a710040e4518909d8144653c6
                • Instruction Fuzzy Hash: 57119E7628064DAFDB668F5DDD40B567BA8EB86B64F004219FA05CB691C370EA00CF60
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e526ddbbc9e7fd2fe8792e9ec023c47ad5d059a1d1a056ea85e97e3702efd955
                • Instruction ID: 2220e993faa9083994c88848a5825de25b555b7bd0299d8bdaf5bc87d5ffea52
                • Opcode Fuzzy Hash: e526ddbbc9e7fd2fe8792e9ec023c47ad5d059a1d1a056ea85e97e3702efd955
                • Instruction Fuzzy Hash: 8D1129322007119FD722DBADD840F27B7A6FFD4320F144429EA86C7A50DA30EA02CB90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51eb7f855f2ce3614150a4357687a2a45c308552a6f6405cc51d592fcef90339
                • Instruction ID: c07507ad2f922baccfad7795b872c1f2a581b1fc23e59b978600c887353e60f7
                • Opcode Fuzzy Hash: 51eb7f855f2ce3614150a4357687a2a45c308552a6f6405cc51d592fcef90339
                • Instruction Fuzzy Hash: C4117072A00615ABDB229B5DC980B5EFBB8EF84790F690459DA01E7244F730AB059BA1
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df2c1d07ee078f30b89a6a2bc46d195f7bcf6327d181a8a1ad50c6f8195122e3
                • Instruction ID: a88c0b1f67f1d17f9b4a9d779977dc73264b5b36f984fb00542a82a883158d96
                • Opcode Fuzzy Hash: df2c1d07ee078f30b89a6a2bc46d195f7bcf6327d181a8a1ad50c6f8195122e3
                • Instruction Fuzzy Hash: 53019E715011099FC726DB19E448F16BBF9EB95314F21816EE206CB6A4CB70AE86CF94
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: d1fe456e000569de773af55c365dca3442b0f98ed8fe05f6c7ca29bdf0d51f47
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: 0411E5722126D69BE723972CEA64B257B9CAF0075CF1900A0EF45D7642F728CA82C255
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: 9a8a345abe7e3bee9b842ac2cb83206f59ea5922a23cdf968eac5438b91a17dd
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: 33019236600109AFE721BF5CCC40F5A7AA9EB95B54F058424EA05DB261E771DF40C790
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: f38a5a73cbab96c1f9040f419f1b800108ddbbd967dc762aec89b3412697e4a0
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: F7012636608B219BCB318F19E840A33BBA8EF95B70700852DFE99CB381C731D400CBA0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc66967bb1c2f7b7148ccb14f24e8c7199678302435ea301296b793032e4f1fc
                • Instruction ID: 103eb22be4aa6ceb108b2bd6147d1c1c615860d15f4d4a738aaaccae8b258f4a
                • Opcode Fuzzy Hash: fc66967bb1c2f7b7148ccb14f24e8c7199678302435ea301296b793032e4f1fc
                • Instruction Fuzzy Hash: C2012233541301AFC332DF1EC840E12B7A8EB81370B254225E9A8DB5BAE730EA01CBC0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                • Instruction ID: f51703e78b66852d99852aaad0596137d446e9ab64d1730daa28d69133a91f19
                • Opcode Fuzzy Hash: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                • Instruction Fuzzy Hash: 9911A132241245EFDB26EF19CD80F167BB8FF54B54F2000A9FA05DB691D635EE01CA90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                • Instruction ID: 28cd02acb2dfb6e1fdf5a8651c948414dd11269a99fc88f09e8160ff38cbdf3d
                • Opcode Fuzzy Hash: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                • Instruction Fuzzy Hash: CE115E7154522DABEB65EB68CC41FE9B375AF04710F504194B314E60E1DB709F91CF85
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 08027123bd8e9850953a7c51b07afd565ca91c15a692746e3722e24ed883411c
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: D2E0AE353003068BE755DF1AC040B627BA6BFD5B10F28C068A9488F205EB32A9438A40
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 91ed5d43f2de6b3e88916f91c521d0ffc47dc15d4e4d63133f8eb9dad1fe57fa
                • Instruction ID: 93986b9afafb27f4815a445cb3a7a9ccd89e3ee6fe858027eed359aead22f855
                • Opcode Fuzzy Hash: 91ed5d43f2de6b3e88916f91c521d0ffc47dc15d4e4d63133f8eb9dad1fe57fa
                • Instruction Fuzzy Hash: 82D02B738810306ACB36E11C7C04F933B9EDBC1720F094862F108F2011D624CEC296C4
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: 782da1c92fa8cd9e8de83fe73ede3b0c21f34da1870808912682f2b0afa57547
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: A5E08C3600CA14EFDB322F19EC00B52B6A6FF64B60F24486DF182461A58B70A981CA46
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c371fe19c0f02968274f4be35a4decbd16c46c3e7b0b1556964ddd3461d3fc1
                • Instruction ID: c073c30274418a143fbea96cb04c4dbf4b5a3c0c45660f6266e3ff9b9da036da
                • Opcode Fuzzy Hash: 5c371fe19c0f02968274f4be35a4decbd16c46c3e7b0b1556964ddd3461d3fc1
                • Instruction Fuzzy Hash: F0E08C321004546BC222FA5DDD00E4A739EEFA4360F100225B150872E4CA64AE00C795
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: 2c99d07fe9e67412c0143d3c1b0ff0bee3b0bc0356cce3074dca48c7ddb6fdbe
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: C6E08633111A188BC729DE18D511B7277A4EF85720F09473EA61387780C534E544C7D5
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction ID: 5704e0b19bb6a22453a93e0ca92d7ef414617ec3b3485a23172eb2b3b9950ab4
                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction Fuzzy Hash: 05D05E36511A50AFD3329F1BEA00C13BBF9FBC4B20705062EA94583924D670A906CBA0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: bdca75c346d67dab8759f530e338850822609c71b83b5507f8c565c305f2da61
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: 17D0A933614620ABD732AA1CFC00FC333E8BB88730F060459F018C7060C360EC81CA84
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: 558510f8839cc8585801fb63234d2697ab9e0e32860be8b847b2456379e9c87d
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: 05E0EC369506849BDF52DF5DCA40F5ABBB9BB94B40F150458A5089B660C624EA00CB40
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: 0d848b8558f325a130f0f6f67e7361b5d887bae2d4c8786d9432ec2c37661216
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: DAD0123321607197DB2956596954F67BA19EF81AA4F1A006D7A0ED3A04C5158C42D6E0
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: e68d03834cab99d76d2cec4bcf182754c342298f2b8eba97f138946365cc3c31
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: 04D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B904C75A0D63AE950D584
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                • Instruction ID: 16329d031b68b93dc2a27f99636a4f04e1124e951bc974d9d0770472d2c28bc3
                • Opcode Fuzzy Hash: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                • Instruction Fuzzy Hash: 53D05230A010028BDF2BEB08CA54E2A3AB4FB50740B44006CEB00E2020E328DA028A80
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: 289b1eeff673886595a38afbb06ffe63dab3aaadfbb592b01b5b05349c54358a
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: 8FD0C936216E80CFD61BCB0CC9A4F5533A8BB44B44F814490F401CBB26D63CDA80CA00
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: 863ef163e531ddc87b6d8c0843eb524d570e0816851fc5b7c10b6203c4764527
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: 2CC01233290648AFC712AA99CD01F027BA9EBA8B50F000021F6048B670D631E920EA84
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: ee1e5bf76feb05525783333f431e2b6d8002ac4286a9cef1114af0290c110af6
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: EFD01236100248EFCB02DF45C890D9A772AFBD8710F108019FD19076108A31ED62DA90
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: cbd8389e54cd17c3163537c45779d0b0a1fecf3235d4763f0c353d17e22f3cd0
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: B5C04C757115418FCF15DB1DD694F4577E4F744750F150890EC45DB721E624EE01CA11
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 246c41ed2df89e7a6f15387f6c252fb73f2126af861df583670b33a950bc1b0e
                • Instruction ID: 23857437874b18a8845298264832937a45c5393e3aae5b5049e10103c7140954
                • Opcode Fuzzy Hash: 246c41ed2df89e7a6f15387f6c252fb73f2126af861df583670b33a950bc1b0e
                • Instruction Fuzzy Hash: A1900231605800169281715948845464405E7E1301B55C012F5428554CCA148B5A5762
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0bf596c4c18848064149a6f2b720205f005c3a05a0c14f49bf49d36222411a41
                • Instruction ID: 1404b28afba4cd06a7c393d276f8215ea5b64dec7a202d7e661414a199ea56b2
                • Opcode Fuzzy Hash: 0bf596c4c18848064149a6f2b720205f005c3a05a0c14f49bf49d36222411a41
                • Instruction Fuzzy Hash: 38900261601500464281715948044066405E7E2301395C116B5558560CC6188A59976A
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8295d407eb067837cbf252e8b443aa53b251f503f5fd021ea8f27f2380b9d80d
                • Instruction ID: 28bed9b49cbb92b9c36dd0dca508420f6293f8a91d3671ed49e76b327a70ae72
                • Opcode Fuzzy Hash: 8295d407eb067837cbf252e8b443aa53b251f503f5fd021ea8f27f2380b9d80d
                • Instruction Fuzzy Hash: EE90023120140806D245715948046860405D7D1301F55C012BB028655ED6658A957632
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f9c1f1ec590a3c16da6fc2d8916e79acf2178a69ac9a61c3866c2580a7f0c8f
                • Instruction ID: 80d28288da1155b57856089337ad45fba3ecd85a368b2f21d2124fc41b0e22b2
                • Opcode Fuzzy Hash: 5f9c1f1ec590a3c16da6fc2d8916e79acf2178a69ac9a61c3866c2580a7f0c8f
                • Instruction Fuzzy Hash: 3F90023160540806D291715944147460405D7D1301F55C012B5028654DC7558B597BA2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 266c1f16f0619dac38c4bda706432192238fe4b62064d4a847d8c5d418013b10
                • Instruction ID: 34e2bc5a2eacb2282acb1b8150ccbad0eafd2c2c20690a043f7f12956c12a723
                • Opcode Fuzzy Hash: 266c1f16f0619dac38c4bda706432192238fe4b62064d4a847d8c5d418013b10
                • Instruction Fuzzy Hash: BF90023120544846D28171594404A460415D7D1305F55C012B5068694DD6258F59BB62
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4c5c0784ca9f38f9fda3f9bc49957d011470c937f29b102a40e0cd09fabeca13
                • Instruction ID: 1a1d405a3f665da32b08d53b294aa2da6dc3d7d6e1baf168a04d6ccfa7300a95
                • Opcode Fuzzy Hash: 4c5c0784ca9f38f9fda3f9bc49957d011470c937f29b102a40e0cd09fabeca13
                • Instruction Fuzzy Hash: DB90023120140806D2C17159440464A0405D7D2301F95C016B5029654DCA158B5D7BA2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0b8f7233550a816782e492171b6ab3682f98508527dad5c61f4e736bfa5af8f
                • Instruction ID: 708da6853d7115dd6ae460148a3fd5828274f3b1612557eb572eb884a2dded46
                • Opcode Fuzzy Hash: b0b8f7233550a816782e492171b6ab3682f98508527dad5c61f4e736bfa5af8f
                • Instruction Fuzzy Hash: 1990026120240007424671594414616440AD7E1301B55C022F6018590DC5258A956626
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd40e25678f7648d20e5085347f344da15e45569682ce50a160a128198632fe8
                • Instruction ID: 910f314c9d9f4f02c8a6f8e55fe4a9a7a2c885ce4639be9fd4e456f3569f0ba6
                • Opcode Fuzzy Hash: fd40e25678f7648d20e5085347f344da15e45569682ce50a160a128198632fe8
                • Instruction Fuzzy Hash: 819002A1201540964641B2598404B0A4905D7E1301B55C017F6058560CC5258A559636
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8d263281a3a63e68ce9a6c6aa2bdc4d06bf52a278ac309aa5182970b9db4d7d
                • Instruction ID: 44f691dac0275605e9ac0f76beaef7923cf08b6f1041b091550e3ff3a02c626e
                • Opcode Fuzzy Hash: d8d263281a3a63e68ce9a6c6aa2bdc4d06bf52a278ac309aa5182970b9db4d7d
                • Instruction Fuzzy Hash: A3900225211400070246B55907045070446D7D6351355C022F6019550CD6218A655622
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5ca0f518d9a0cd79a3a5d453a57284c3afb27bfaee9fa26a928e28f0a1c65b2
                • Instruction ID: 713132643a80696a4a626132aae3a7a5cb0fa2d616f769ee194a9ec8b1388ce6
                • Opcode Fuzzy Hash: f5ca0f518d9a0cd79a3a5d453a57284c3afb27bfaee9fa26a928e28f0a1c65b2
                • Instruction Fuzzy Hash: 0E900225221400060286B559060450B0845E7D7351395C016F641A590CC6218A695722
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84203809cbcd9e61c38ccfb371c85deafc8af50302d8cd9c755c7f8dffebc7dc
                • Instruction ID: f1a811399f2bbb52d629397ed0c8e6a263597a77065f3941fdee7f82307d1602
                • Opcode Fuzzy Hash: 84203809cbcd9e61c38ccfb371c85deafc8af50302d8cd9c755c7f8dffebc7dc
                • Instruction Fuzzy Hash: 8990023124140406D282715944046060409E7D1341F95C013B5428554EC6558B5AAF62
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: edf86e2ad902bfdbae114c0a4ae53dae904bcffd840ff7f527edf270d9c22e4a
                • Instruction ID: 10b37bb9905b20b36fe7a614d10d8573f0822fd6beb1f4ab9689970a5ff954ff
                • Opcode Fuzzy Hash: edf86e2ad902bfdbae114c0a4ae53dae904bcffd840ff7f527edf270d9c22e4a
                • Instruction Fuzzy Hash: 0D900221242441565686B15944045074406E7E1341795C013B6418950CC5269A5ADB22
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd47275046b1dd1317dccb7f3dd1d8bfdec1166d08378ee92fd2c25a8c1d1c33
                • Instruction ID: 2cd2fd1fcdbbc992b8020f3474dc8e8466069edbc225ead815208bba94625d4d
                • Opcode Fuzzy Hash: fd47275046b1dd1317dccb7f3dd1d8bfdec1166d08378ee92fd2c25a8c1d1c33
                • Instruction Fuzzy Hash: 8D90022120544446D24175595408A060405D7D1305F55D012B6068595DC6358A55A632
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ebaf4b6bdc525efbf6d35338a4446a2008f64bfe07f3dac68ad45383bc5cfb88
                • Instruction ID: 613da2772a49dddfca82c32a1a534e60a4bb2778d1eb461d823dd9eaa40a15fe
                • Opcode Fuzzy Hash: ebaf4b6bdc525efbf6d35338a4446a2008f64bfe07f3dac68ad45383bc5cfb88
                • Instruction Fuzzy Hash: 5D90022921340006D2C17159540860A0405D7D2302F95D416B5019558CC9158A6D5722
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0710e665e2cae0e605cd90530396807ce51801c9b32f8e47453f3269b4903230
                • Instruction ID: 06d1e554ecc351e08e17ca5b26dd9319e4ea39abf35984336c7b5510fde95f84
                • Opcode Fuzzy Hash: 0710e665e2cae0e605cd90530396807ce51801c9b32f8e47453f3269b4903230
                • Instruction Fuzzy Hash: 9A90022130140007D281715954186064405E7E2301F55D012F5418554CD9158A5A5723
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 914d59005b677f00ab80b6777af9c0b4996401e5abe3a789377e80bf16aa37b4
                • Instruction ID: 32e77d2b029780e17746887c9bba2d4eafca2144ef59bdbdac42d3f1dd21ad71
                • Opcode Fuzzy Hash: 914d59005b677f00ab80b6777af9c0b4996401e5abe3a789377e80bf16aa37b4
                • Instruction Fuzzy Hash: 8490023120140406D241759954086460405D7E1301F55D012BA028555EC6658A956632
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e627f8bdbcf3864976cc4f1e2d7f4c99e8474c55eb3384dd18d4b458bf04ea0
                • Instruction ID: 71da3074bdc6114e7b284999d1595c9e65c6680ed118fd3c01420d29848ed26d
                • Opcode Fuzzy Hash: 8e627f8bdbcf3864976cc4f1e2d7f4c99e8474c55eb3384dd18d4b458bf04ea0
                • Instruction Fuzzy Hash: 9890022160540406D281715954187060415D7D1301F55D012B5028554DC6598B596BA2
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 26be8f20111cd9079b9f6a04b2f148d943c0a32ae678cb402d688de004f25f74
                • Instruction ID: 82248a0ec6d5370b91694004f9f29c1864b1606e651d94dcc05dea68257a9ad4
                • Opcode Fuzzy Hash: 26be8f20111cd9079b9f6a04b2f148d943c0a32ae678cb402d688de004f25f74
                • Instruction Fuzzy Hash: E890023120140407D241715955087070405D7D1301F55D412B5428558DD6568A556622
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f0e770e62c03622bd9a8081e2f38d3deaf0e2a1b8979427e3ae642886686fc5b
                • Instruction ID: f38a01c234397744e44813ab95d1c51b1d30fd43315f0f2fe7a0e88ce43c1726
                • Opcode Fuzzy Hash: f0e770e62c03622bd9a8081e2f38d3deaf0e2a1b8979427e3ae642886686fc5b
                • Instruction Fuzzy Hash: 7F90023120140846D24171594404B460405D7E1301F55C017B5128654DC615CA557A22
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ab85d995be18ed019a04890b2293aed6f0776c443f044f717fdd0ab4aa2b9ea
                • Instruction ID: 81c19f638b1a6f09e02ea30b66326b995be5007b2a54d46542b911e8a6f9f34d
                • Opcode Fuzzy Hash: 4ab85d995be18ed019a04890b2293aed6f0776c443f044f717fdd0ab4aa2b9ea
                • Instruction Fuzzy Hash: 6090023120148806D2517159840474A0405D7D1301F59C412B9428658DC6958A957622
                Memory Dump Source
                • Source File: 00000004.00000002.2454956185.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_17d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                Strings
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01874787
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018746FC
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01874655
                • Execute=1, xrefs: 01874713
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01874742
                • ExecuteOptions, xrefs: 018746A0
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01874725
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                Strings
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018702BD
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018702E7
                • RTL: Re-Waiting, xrefs: 0187031E
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                Strings
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01877B7F
                • RTL: Resource at %p, xrefs: 01877B8E
                • RTL: Re-Waiting, xrefs: 01877BAC
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0187728C
                Strings
                • RTL: Resource at %p, xrefs: 018772A3
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01877294
                • RTL: Re-Waiting, xrefs: 018772C1
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280