Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
YHcZGpLBUw.exe

Overview

General Information

Sample name:YHcZGpLBUw.exe
renamed because original name is a hash value
Original sample name:d028e3b4d6ebc62c3c23bdb8d7e09f1dc85acda7547f9dea476ea8e3023e81f2.exe
Analysis ID:1410997
MD5:0cb08733be50d8a3c7685beb4aa1a65e
SHA1:0baa67453d45c82ebcae84d57124b2bd237795d6
SHA256:d028e3b4d6ebc62c3c23bdb8d7e09f1dc85acda7547f9dea476ea8e3023e81f2
Tags:exe
Infos:

Detection

FormBook
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
One or more processes crash
PE file does not import any functions
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • YHcZGpLBUw.exe (PID: 6444 cmdline: C:\Users\user\Desktop\YHcZGpLBUw.exe MD5: 0CB08733BE50D8A3C7685BEB4AA1A65E)
    • WerFault.exe (PID: 5052 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 232 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2d843:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17902:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    0.2.YHcZGpLBUw.exe.210000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0.2.YHcZGpLBUw.exe.210000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2da43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x17b02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: YHcZGpLBUw.exeAvira: detected
      Multi AV Scanner detection for submitted file
      Source: YHcZGpLBUw.exeReversingLabs: Detection: 55%
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
      Machine Learning detection for sample
      Source: YHcZGpLBUw.exeJoe Sandbox ML: detected
      Source: YHcZGpLBUw.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: YHcZGpLBUw.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: YHcZGpLBUw.exe, 00000000.00000003.1713007738.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000003.1710961964.0000000001447000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.000000000193E000.00000040.00001000.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: YHcZGpLBUw.exe, YHcZGpLBUw.exe, 00000000.00000003.1713007738.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000003.1710961964.0000000001447000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.000000000193E000.00000040.00001000.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp
      Source: Amcache.hve.3.drString found in binary or memory: http://upx.sf.net

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0021B323 NtCreateFile,0_2_0021B323
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0021B553 NtReadFile,0_2_0021B553
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0023BD83 NtClose,0_2_0023BD83
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0021BDE3 NtAllocateVirtualMemory,0_2_0021BDE3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00211ABD NtProtectVirtualMemory,NtProtectVirtualMemory,0_2_00211ABD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00211A8D NtProtectVirtualMemory,NtProtectVirtualMemory,0_2_00211A8D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01812DF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01814340 NtSetContextThread,0_2_01814340
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01814650 NtSuspendThread,0_2_01814650
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812B80 NtQueryInformationFile,0_2_01812B80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812BA0 NtEnumerateValueKey,0_2_01812BA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812BE0 NtQueryValueKey,0_2_01812BE0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812BF0 NtAllocateVirtualMemory,0_2_01812BF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812B60 NtClose,0_2_01812B60
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812AB0 NtWaitForSingleObject,0_2_01812AB0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812AD0 NtReadFile,0_2_01812AD0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812AF0 NtWriteFile,0_2_01812AF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812DB0 NtEnumerateKey,0_2_01812DB0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812DD0 NtDelayExecution,0_2_01812DD0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812D00 NtSetInformationFile,0_2_01812D00
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812D10 NtMapViewOfSection,0_2_01812D10
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812D30 NtUnmapViewOfSection,0_2_01812D30
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812CA0 NtQueryInformationToken,0_2_01812CA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812CC0 NtQueryVirtualMemory,0_2_01812CC0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812CF0 NtOpenProcess,0_2_01812CF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812C00 NtQueryInformationProcess,0_2_01812C00
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812C60 NtCreateKey,0_2_01812C60
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812C70 NtFreeVirtualMemory,0_2_01812C70
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812F90 NtProtectVirtualMemory,0_2_01812F90
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812FA0 NtQuerySection,0_2_01812FA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812FB0 NtResumeThread,0_2_01812FB0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812FE0 NtCreateFile,0_2_01812FE0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812F30 NtCreateSection,0_2_01812F30
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812F60 NtCreateProcessEx,0_2_01812F60
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812E80 NtReadVirtualMemory,0_2_01812E80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812EA0 NtAdjustPrivilegesToken,0_2_01812EA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812EE0 NtQueueApcThread,0_2_01812EE0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812E30 NtWriteVirtualMemory,0_2_01812E30
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01813090 NtSetValueKey,0_2_01813090
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01813010 NtOpenDirectoryObject,0_2_01813010
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018135C0 NtCreateMutant,0_2_018135C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018139B0 NtGetContextThread,0_2_018139B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01813D10 NtOpenProcessToken,0_2_01813D10
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01813D70 NtOpenThread,0_2_01813D70
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0023E1330_2_0023E133
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0021110B0_2_0021110B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002111100_2_00211110
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002132600_2_00213260
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00212A500_2_00212A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002112800_2_00211280
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00227C730_2_00227C73
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0022152A0_2_0022152A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002215330_2_00221533
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00212ECA0_2_00212ECA
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00212ED00_2_00212ED0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002127100_2_00212710
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002217530_2_00221753
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0021F7C90_2_0021F7C9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0021F7D30_2_0021F7D3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A01AA0_2_018A01AA
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018941A20_2_018941A2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018981CC0_2_018981CC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D01000_2_017D0100
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187A1180_2_0187A118
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018681580_2_01868158
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018720000_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A03E60_2_018A03E6
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE3F00_2_017EE3F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189A3520_2_0189A352
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018602C00_2_018602C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018802740_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A05910_2_018A0591
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E05350_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188E4F60_2_0188E4F6
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018844200_2_01884420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018924460_2_01892446
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E07700_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DC7C00_2_017DC7C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018047500_2_01804750
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FC6E00_2_017FC6E0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F69620_2_017F6962
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018AA9A60_2_018AA9A6
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A00_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E28400_2_017E2840
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EA8400_2_017EA840
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E8F00_2_0180E8F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C68B80_2_017C68B8
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01896BD70_2_01896BD7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189AB400_2_0189AB40
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA800_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EAD000_2_017EAD00
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187CD1F0_2_0187CD1F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DADE00_2_017DADE0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F8DBF0_2_017F8DBF
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880CB50_2_01880CB5
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0C000_2_017E0C00
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0CF20_2_017D0CF2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185EFA00_2_0185EFA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01822F280_2_01822F28
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01800F300_2_01800F30
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D2FC80_2_017D2FC8
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01882F300_2_01882F30
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01854F400_2_01854F40
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189CE930_2_0189CE93
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0E590_2_017E0E59
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189EEDB0_2_0189EEDB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189EE260_2_0189EE26
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2E900_2_017F2E90
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CF1720_2_017CF172
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EB1B00_2_017EB1B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018AB16B0_2_018AB16B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181516C0_2_0181516C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188F0CC0_2_0188F0CC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018970E90_2_018970E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189F0E00_2_0189F0E0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E70C00_2_017E70C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0182739A0_2_0182739A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CD34C0_2_017CD34C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189132D0_2_0189132D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018812ED0_2_018812ED
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FB2C00_2_017FB2C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E52A00_2_017E52A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187D5B00_2_0187D5B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018975710_2_01897571
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D14600_2_017D1460
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189F43F0_2_0189F43F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189F7B00_2_0189F7B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018916CC0_2_018916CC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E99500_2_017E9950
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FB9500_2_017FB950
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018759100_2_01875910
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184D8000_2_0184D800
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E38E00_2_017E38E0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01855BF00_2_01855BF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181DBF90_2_0181DBF9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189FB760_2_0189FB76
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FFB800_2_017FFB80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01825AA00_2_01825AA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187DAAC0_2_0187DAAC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01881AA30_2_01881AA3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188DAC60_2_0188DAC6
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189FA490_2_0189FA49
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01897A460_2_01897A46
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01853A6C0_2_01853A6C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E3D400_2_017E3D40
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FFDC00_2_017FFDC0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01891D5A0_2_01891D5A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01897D730_2_01897D73
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189FCF20_2_0189FCF2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01859C320_2_01859C32
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189FFB10_2_0189FFB1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189FF090_2_0189FF09
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E1F920_2_017E1F92
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E9EB00_2_017E9EB0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: String function: 017CB970 appears 265 times
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: String function: 01815130 appears 58 times
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: String function: 0184EA12 appears 86 times
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: String function: 0185F290 appears 105 times
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: String function: 01827E54 appears 100 times
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 232
      Source: YHcZGpLBUw.exeStatic PE information: No import functions for PE file found
      Source: YHcZGpLBUw.exe, 00000000.00000002.1801310756.0000000001A71000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs YHcZGpLBUw.exe
      Source: YHcZGpLBUw.exe, 00000000.00000003.1713007738.0000000001724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs YHcZGpLBUw.exe
      Source: YHcZGpLBUw.exe, 00000000.00000003.1710961964.000000000156A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs YHcZGpLBUw.exe
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeSection loaded: apphelp.dllJump to behavior
      Source: YHcZGpLBUw.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: YHcZGpLBUw.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: YHcZGpLBUw.exeStatic PE information: Section .text
      Source: classification engineClassification label: mal76.troj.winEXE@2/5@0/0
      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6444
      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\6e5e9a11-6bf9-4eec-a547-2a0c265f9772Jump to behavior
      Source: YHcZGpLBUw.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: YHcZGpLBUw.exeReversingLabs: Detection: 55%
      Source: unknownProcess created: C:\Users\user\Desktop\YHcZGpLBUw.exe C:\Users\user\Desktop\YHcZGpLBUw.exe
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 232
      Source: YHcZGpLBUw.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: YHcZGpLBUw.exe, 00000000.00000003.1713007738.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000003.1710961964.0000000001447000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.000000000193E000.00000040.00001000.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: YHcZGpLBUw.exe, YHcZGpLBUw.exe, 00000000.00000003.1713007738.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000003.1710961964.0000000001447000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.000000000193E000.00000040.00001000.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_002248C3 push esi; retf 0_2_002248CE
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0023F1F2 push eax; ret 0_2_0023F1F4
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00212223 push cs; iretd 0_2_00212226
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00213570 push eax; ret 0_2_00213572
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00211E26 push esp; retf 0_2_00211E27
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_00237E33 pushfd ; ret 0_2_00237E7A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0022B7F3 push edi; retf 0_2_0022B7F9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D09AD push ecx; mov dword ptr [esp], ecx0_2_017D09B6
      Source: YHcZGpLBUw.exeStatic PE information: section name: .text entropy: 7.9948131187267615
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181096E rdtsc 0_2_0181096E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeAPI coverage: 0.5 %
      Source: Amcache.hve.3.drBinary or memory string: VMware
      Source: Amcache.hve.3.drBinary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin
      Source: Amcache.hve.3.drBinary or memory string: VMware, Inc.
      Source: Amcache.hve.3.drBinary or memory string: VMware20,1hbin@
      Source: Amcache.hve.3.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.3.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.3.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.3.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.3.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.3.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.3.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.3.drBinary or memory string: vmci.sys
      Source: Amcache.hve.3.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
      Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin`
      Source: Amcache.hve.3.drBinary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.3.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.3.drBinary or memory string: VMware20,1
      Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.3.drBinary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.3.drBinary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.3.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.3.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.3.drBinary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.3.drBinary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.3.drBinary or memory string: VMware Virtual RAM
      Source: Amcache.hve.3.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Amcache.hve.3.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181096E rdtsc 0_2_0181096E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01812DF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188C188 mov eax, dword ptr fs:[00000030h]0_2_0188C188
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188C188 mov eax, dword ptr fs:[00000030h]0_2_0188C188
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01810185 mov eax, dword ptr fs:[00000030h]0_2_01810185
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01874180 mov eax, dword ptr fs:[00000030h]0_2_01874180
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01874180 mov eax, dword ptr fs:[00000030h]0_2_01874180
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185019F mov eax, dword ptr fs:[00000030h]0_2_0185019F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185019F mov eax, dword ptr fs:[00000030h]0_2_0185019F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185019F mov eax, dword ptr fs:[00000030h]0_2_0185019F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185019F mov eax, dword ptr fs:[00000030h]0_2_0185019F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6154 mov eax, dword ptr fs:[00000030h]0_2_017D6154
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6154 mov eax, dword ptr fs:[00000030h]0_2_017D6154
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CC156 mov eax, dword ptr fs:[00000030h]0_2_017CC156
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018961C3 mov eax, dword ptr fs:[00000030h]0_2_018961C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018961C3 mov eax, dword ptr fs:[00000030h]0_2_018961C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E1D0 mov eax, dword ptr fs:[00000030h]0_2_0184E1D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E1D0 mov eax, dword ptr fs:[00000030h]0_2_0184E1D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E1D0 mov ecx, dword ptr fs:[00000030h]0_2_0184E1D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E1D0 mov eax, dword ptr fs:[00000030h]0_2_0184E1D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E1D0 mov eax, dword ptr fs:[00000030h]0_2_0184E1D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A61E5 mov eax, dword ptr fs:[00000030h]0_2_018A61E5
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018001F8 mov eax, dword ptr fs:[00000030h]0_2_018001F8
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov eax, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov ecx, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov eax, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov eax, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov ecx, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov eax, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov eax, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov ecx, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov eax, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E10E mov ecx, dword ptr fs:[00000030h]0_2_0187E10E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01890115 mov eax, dword ptr fs:[00000030h]0_2_01890115
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187A118 mov ecx, dword ptr fs:[00000030h]0_2_0187A118
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187A118 mov eax, dword ptr fs:[00000030h]0_2_0187A118
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187A118 mov eax, dword ptr fs:[00000030h]0_2_0187A118
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187A118 mov eax, dword ptr fs:[00000030h]0_2_0187A118
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01800124 mov eax, dword ptr fs:[00000030h]0_2_01800124
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01864144 mov eax, dword ptr fs:[00000030h]0_2_01864144
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01864144 mov eax, dword ptr fs:[00000030h]0_2_01864144
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01864144 mov ecx, dword ptr fs:[00000030h]0_2_01864144
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01864144 mov eax, dword ptr fs:[00000030h]0_2_01864144
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01864144 mov eax, dword ptr fs:[00000030h]0_2_01864144
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01868158 mov eax, dword ptr fs:[00000030h]0_2_01868158
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CA197 mov eax, dword ptr fs:[00000030h]0_2_017CA197
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CA197 mov eax, dword ptr fs:[00000030h]0_2_017CA197
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CA197 mov eax, dword ptr fs:[00000030h]0_2_017CA197
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FC073 mov eax, dword ptr fs:[00000030h]0_2_017FC073
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D2050 mov eax, dword ptr fs:[00000030h]0_2_017D2050
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018680A8 mov eax, dword ptr fs:[00000030h]0_2_018680A8
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018960B8 mov eax, dword ptr fs:[00000030h]0_2_018960B8
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018960B8 mov ecx, dword ptr fs:[00000030h]0_2_018960B8
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018520DE mov eax, dword ptr fs:[00000030h]0_2_018520DE
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CA020 mov eax, dword ptr fs:[00000030h]0_2_017CA020
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CC020 mov eax, dword ptr fs:[00000030h]0_2_017CC020
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018560E0 mov eax, dword ptr fs:[00000030h]0_2_018560E0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE016 mov eax, dword ptr fs:[00000030h]0_2_017EE016
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE016 mov eax, dword ptr fs:[00000030h]0_2_017EE016
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE016 mov eax, dword ptr fs:[00000030h]0_2_017EE016
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE016 mov eax, dword ptr fs:[00000030h]0_2_017EE016
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018120F0 mov ecx, dword ptr fs:[00000030h]0_2_018120F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01854000 mov ecx, dword ptr fs:[00000030h]0_2_01854000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01872000 mov eax, dword ptr fs:[00000030h]0_2_01872000
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CC0F0 mov eax, dword ptr fs:[00000030h]0_2_017CC0F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D80E9 mov eax, dword ptr fs:[00000030h]0_2_017D80E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CA0E3 mov ecx, dword ptr fs:[00000030h]0_2_017CA0E3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01866030 mov eax, dword ptr fs:[00000030h]0_2_01866030
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856050 mov eax, dword ptr fs:[00000030h]0_2_01856050
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D208A mov eax, dword ptr fs:[00000030h]0_2_017D208A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188C3CD mov eax, dword ptr fs:[00000030h]0_2_0188C3CD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018563C0 mov eax, dword ptr fs:[00000030h]0_2_018563C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018743D4 mov eax, dword ptr fs:[00000030h]0_2_018743D4
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018743D4 mov eax, dword ptr fs:[00000030h]0_2_018743D4
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E3DB mov eax, dword ptr fs:[00000030h]0_2_0187E3DB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E3DB mov eax, dword ptr fs:[00000030h]0_2_0187E3DB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E3DB mov ecx, dword ptr fs:[00000030h]0_2_0187E3DB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187E3DB mov eax, dword ptr fs:[00000030h]0_2_0187E3DB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CC310 mov ecx, dword ptr fs:[00000030h]0_2_017CC310
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F0310 mov ecx, dword ptr fs:[00000030h]0_2_017F0310
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018063FF mov eax, dword ptr fs:[00000030h]0_2_018063FF
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A30B mov eax, dword ptr fs:[00000030h]0_2_0180A30B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A30B mov eax, dword ptr fs:[00000030h]0_2_0180A30B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A30B mov eax, dword ptr fs:[00000030h]0_2_0180A30B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE3F0 mov eax, dword ptr fs:[00000030h]0_2_017EE3F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE3F0 mov eax, dword ptr fs:[00000030h]0_2_017EE3F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE3F0 mov eax, dword ptr fs:[00000030h]0_2_017EE3F0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E03E9 mov eax, dword ptr fs:[00000030h]0_2_017E03E9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA3C0 mov eax, dword ptr fs:[00000030h]0_2_017DA3C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA3C0 mov eax, dword ptr fs:[00000030h]0_2_017DA3C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA3C0 mov eax, dword ptr fs:[00000030h]0_2_017DA3C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA3C0 mov eax, dword ptr fs:[00000030h]0_2_017DA3C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA3C0 mov eax, dword ptr fs:[00000030h]0_2_017DA3C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA3C0 mov eax, dword ptr fs:[00000030h]0_2_017DA3C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D83C0 mov eax, dword ptr fs:[00000030h]0_2_017D83C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D83C0 mov eax, dword ptr fs:[00000030h]0_2_017D83C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D83C0 mov eax, dword ptr fs:[00000030h]0_2_017D83C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D83C0 mov eax, dword ptr fs:[00000030h]0_2_017D83C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01852349 mov eax, dword ptr fs:[00000030h]0_2_01852349
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01878350 mov ecx, dword ptr fs:[00000030h]0_2_01878350
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185035C mov eax, dword ptr fs:[00000030h]0_2_0185035C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185035C mov eax, dword ptr fs:[00000030h]0_2_0185035C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185035C mov eax, dword ptr fs:[00000030h]0_2_0185035C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185035C mov ecx, dword ptr fs:[00000030h]0_2_0185035C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185035C mov eax, dword ptr fs:[00000030h]0_2_0185035C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185035C mov eax, dword ptr fs:[00000030h]0_2_0185035C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189A352 mov eax, dword ptr fs:[00000030h]0_2_0189A352
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C8397 mov eax, dword ptr fs:[00000030h]0_2_017C8397
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C8397 mov eax, dword ptr fs:[00000030h]0_2_017C8397
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C8397 mov eax, dword ptr fs:[00000030h]0_2_017C8397
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F438F mov eax, dword ptr fs:[00000030h]0_2_017F438F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F438F mov eax, dword ptr fs:[00000030h]0_2_017F438F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CE388 mov eax, dword ptr fs:[00000030h]0_2_017CE388
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CE388 mov eax, dword ptr fs:[00000030h]0_2_017CE388
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CE388 mov eax, dword ptr fs:[00000030h]0_2_017CE388
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187437C mov eax, dword ptr fs:[00000030h]0_2_0187437C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E284 mov eax, dword ptr fs:[00000030h]0_2_0180E284
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E284 mov eax, dword ptr fs:[00000030h]0_2_0180E284
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01850283 mov eax, dword ptr fs:[00000030h]0_2_01850283
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01850283 mov eax, dword ptr fs:[00000030h]0_2_01850283
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01850283 mov eax, dword ptr fs:[00000030h]0_2_01850283
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C826B mov eax, dword ptr fs:[00000030h]0_2_017C826B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4260 mov eax, dword ptr fs:[00000030h]0_2_017D4260
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4260 mov eax, dword ptr fs:[00000030h]0_2_017D4260
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4260 mov eax, dword ptr fs:[00000030h]0_2_017D4260
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6259 mov eax, dword ptr fs:[00000030h]0_2_017D6259
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018662A0 mov eax, dword ptr fs:[00000030h]0_2_018662A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018662A0 mov ecx, dword ptr fs:[00000030h]0_2_018662A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018662A0 mov eax, dword ptr fs:[00000030h]0_2_018662A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018662A0 mov eax, dword ptr fs:[00000030h]0_2_018662A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018662A0 mov eax, dword ptr fs:[00000030h]0_2_018662A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018662A0 mov eax, dword ptr fs:[00000030h]0_2_018662A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CA250 mov eax, dword ptr fs:[00000030h]0_2_017CA250
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C823B mov eax, dword ptr fs:[00000030h]0_2_017C823B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E02E1 mov eax, dword ptr fs:[00000030h]0_2_017E02E1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E02E1 mov eax, dword ptr fs:[00000030h]0_2_017E02E1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E02E1 mov eax, dword ptr fs:[00000030h]0_2_017E02E1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA2C3 mov eax, dword ptr fs:[00000030h]0_2_017DA2C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA2C3 mov eax, dword ptr fs:[00000030h]0_2_017DA2C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA2C3 mov eax, dword ptr fs:[00000030h]0_2_017DA2C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA2C3 mov eax, dword ptr fs:[00000030h]0_2_017DA2C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA2C3 mov eax, dword ptr fs:[00000030h]0_2_017DA2C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01858243 mov eax, dword ptr fs:[00000030h]0_2_01858243
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01858243 mov ecx, dword ptr fs:[00000030h]0_2_01858243
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188A250 mov eax, dword ptr fs:[00000030h]0_2_0188A250
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188A250 mov eax, dword ptr fs:[00000030h]0_2_0188A250
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E02A0 mov eax, dword ptr fs:[00000030h]0_2_017E02A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E02A0 mov eax, dword ptr fs:[00000030h]0_2_017E02A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01880274 mov eax, dword ptr fs:[00000030h]0_2_01880274
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01804588 mov eax, dword ptr fs:[00000030h]0_2_01804588
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E59C mov eax, dword ptr fs:[00000030h]0_2_0180E59C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018505A7 mov eax, dword ptr fs:[00000030h]0_2_018505A7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018505A7 mov eax, dword ptr fs:[00000030h]0_2_018505A7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018505A7 mov eax, dword ptr fs:[00000030h]0_2_018505A7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8550 mov eax, dword ptr fs:[00000030h]0_2_017D8550
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8550 mov eax, dword ptr fs:[00000030h]0_2_017D8550
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE53E mov eax, dword ptr fs:[00000030h]0_2_017FE53E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE53E mov eax, dword ptr fs:[00000030h]0_2_017FE53E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE53E mov eax, dword ptr fs:[00000030h]0_2_017FE53E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE53E mov eax, dword ptr fs:[00000030h]0_2_017FE53E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE53E mov eax, dword ptr fs:[00000030h]0_2_017FE53E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0535 mov eax, dword ptr fs:[00000030h]0_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0535 mov eax, dword ptr fs:[00000030h]0_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0535 mov eax, dword ptr fs:[00000030h]0_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0535 mov eax, dword ptr fs:[00000030h]0_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0535 mov eax, dword ptr fs:[00000030h]0_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0535 mov eax, dword ptr fs:[00000030h]0_2_017E0535
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E5CF mov eax, dword ptr fs:[00000030h]0_2_0180E5CF
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E5CF mov eax, dword ptr fs:[00000030h]0_2_0180E5CF
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A5D0 mov eax, dword ptr fs:[00000030h]0_2_0180A5D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A5D0 mov eax, dword ptr fs:[00000030h]0_2_0180A5D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C5ED mov eax, dword ptr fs:[00000030h]0_2_0180C5ED
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C5ED mov eax, dword ptr fs:[00000030h]0_2_0180C5ED
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01866500 mov eax, dword ptr fs:[00000030h]0_2_01866500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4500 mov eax, dword ptr fs:[00000030h]0_2_018A4500
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE5E7 mov eax, dword ptr fs:[00000030h]0_2_017FE5E7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D25E0 mov eax, dword ptr fs:[00000030h]0_2_017D25E0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D65D0 mov eax, dword ptr fs:[00000030h]0_2_017D65D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F45B1 mov eax, dword ptr fs:[00000030h]0_2_017F45B1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F45B1 mov eax, dword ptr fs:[00000030h]0_2_017F45B1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180656A mov eax, dword ptr fs:[00000030h]0_2_0180656A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180656A mov eax, dword ptr fs:[00000030h]0_2_0180656A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180656A mov eax, dword ptr fs:[00000030h]0_2_0180656A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D2582 mov eax, dword ptr fs:[00000030h]0_2_017D2582
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D2582 mov ecx, dword ptr fs:[00000030h]0_2_017D2582
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FA470 mov eax, dword ptr fs:[00000030h]0_2_017FA470
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FA470 mov eax, dword ptr fs:[00000030h]0_2_017FA470
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FA470 mov eax, dword ptr fs:[00000030h]0_2_017FA470
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188A49A mov eax, dword ptr fs:[00000030h]0_2_0188A49A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C645D mov eax, dword ptr fs:[00000030h]0_2_017C645D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F245A mov eax, dword ptr fs:[00000030h]0_2_017F245A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018044B0 mov ecx, dword ptr fs:[00000030h]0_2_018044B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185A4B0 mov eax, dword ptr fs:[00000030h]0_2_0185A4B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CC427 mov eax, dword ptr fs:[00000030h]0_2_017CC427
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CE420 mov eax, dword ptr fs:[00000030h]0_2_017CE420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CE420 mov eax, dword ptr fs:[00000030h]0_2_017CE420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CE420 mov eax, dword ptr fs:[00000030h]0_2_017CE420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01808402 mov eax, dword ptr fs:[00000030h]0_2_01808402
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01808402 mov eax, dword ptr fs:[00000030h]0_2_01808402
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01808402 mov eax, dword ptr fs:[00000030h]0_2_01808402
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D04E5 mov ecx, dword ptr fs:[00000030h]0_2_017D04E5
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01856420 mov eax, dword ptr fs:[00000030h]0_2_01856420
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A430 mov eax, dword ptr fs:[00000030h]0_2_0180A430
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180E443 mov eax, dword ptr fs:[00000030h]0_2_0180E443
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D64AB mov eax, dword ptr fs:[00000030h]0_2_017D64AB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0188A456 mov eax, dword ptr fs:[00000030h]0_2_0188A456
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185C460 mov ecx, dword ptr fs:[00000030h]0_2_0185C460
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187678E mov eax, dword ptr fs:[00000030h]0_2_0187678E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8770 mov eax, dword ptr fs:[00000030h]0_2_017D8770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h]0_2_017E0770
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018847A0 mov eax, dword ptr fs:[00000030h]0_2_018847A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0750 mov eax, dword ptr fs:[00000030h]0_2_017D0750
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018507C3 mov eax, dword ptr fs:[00000030h]0_2_018507C3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185E7E1 mov eax, dword ptr fs:[00000030h]0_2_0185E7E1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0710 mov eax, dword ptr fs:[00000030h]0_2_017D0710
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C700 mov eax, dword ptr fs:[00000030h]0_2_0180C700
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D47FB mov eax, dword ptr fs:[00000030h]0_2_017D47FB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D47FB mov eax, dword ptr fs:[00000030h]0_2_017D47FB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01800710 mov eax, dword ptr fs:[00000030h]0_2_01800710
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F27ED mov eax, dword ptr fs:[00000030h]0_2_017F27ED
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F27ED mov eax, dword ptr fs:[00000030h]0_2_017F27ED
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F27ED mov eax, dword ptr fs:[00000030h]0_2_017F27ED
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C720 mov eax, dword ptr fs:[00000030h]0_2_0180C720
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C720 mov eax, dword ptr fs:[00000030h]0_2_0180C720
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184C730 mov eax, dword ptr fs:[00000030h]0_2_0184C730
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180273C mov eax, dword ptr fs:[00000030h]0_2_0180273C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180273C mov ecx, dword ptr fs:[00000030h]0_2_0180273C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180273C mov eax, dword ptr fs:[00000030h]0_2_0180273C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DC7C0 mov eax, dword ptr fs:[00000030h]0_2_017DC7C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180674D mov esi, dword ptr fs:[00000030h]0_2_0180674D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180674D mov eax, dword ptr fs:[00000030h]0_2_0180674D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180674D mov eax, dword ptr fs:[00000030h]0_2_0180674D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01854755 mov eax, dword ptr fs:[00000030h]0_2_01854755
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812750 mov eax, dword ptr fs:[00000030h]0_2_01812750
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812750 mov eax, dword ptr fs:[00000030h]0_2_01812750
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D07AF mov eax, dword ptr fs:[00000030h]0_2_017D07AF
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185E75D mov eax, dword ptr fs:[00000030h]0_2_0185E75D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C6A6 mov eax, dword ptr fs:[00000030h]0_2_0180C6A6
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018066B0 mov eax, dword ptr fs:[00000030h]0_2_018066B0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EC640 mov eax, dword ptr fs:[00000030h]0_2_017EC640
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0180A6C7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A6C7 mov eax, dword ptr fs:[00000030h]0_2_0180A6C7
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D262C mov eax, dword ptr fs:[00000030h]0_2_017D262C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017EE627 mov eax, dword ptr fs:[00000030h]0_2_017EE627
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018506F1 mov eax, dword ptr fs:[00000030h]0_2_018506F1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018506F1 mov eax, dword ptr fs:[00000030h]0_2_018506F1
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E260B mov eax, dword ptr fs:[00000030h]0_2_017E260B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h]0_2_0184E6F2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h]0_2_0184E6F2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h]0_2_0184E6F2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h]0_2_0184E6F2
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E609 mov eax, dword ptr fs:[00000030h]0_2_0184E609
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01812619 mov eax, dword ptr fs:[00000030h]0_2_01812619
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01806620 mov eax, dword ptr fs:[00000030h]0_2_01806620
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01808620 mov eax, dword ptr fs:[00000030h]0_2_01808620
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A660 mov eax, dword ptr fs:[00000030h]0_2_0180A660
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A660 mov eax, dword ptr fs:[00000030h]0_2_0180A660
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189866E mov eax, dword ptr fs:[00000030h]0_2_0189866E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189866E mov eax, dword ptr fs:[00000030h]0_2_0189866E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4690 mov eax, dword ptr fs:[00000030h]0_2_017D4690
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4690 mov eax, dword ptr fs:[00000030h]0_2_017D4690
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01802674 mov eax, dword ptr fs:[00000030h]0_2_01802674
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F6962 mov eax, dword ptr fs:[00000030h]0_2_017F6962
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F6962 mov eax, dword ptr fs:[00000030h]0_2_017F6962
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F6962 mov eax, dword ptr fs:[00000030h]0_2_017F6962
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018589B3 mov esi, dword ptr fs:[00000030h]0_2_018589B3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018589B3 mov eax, dword ptr fs:[00000030h]0_2_018589B3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018589B3 mov eax, dword ptr fs:[00000030h]0_2_018589B3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018669C0 mov eax, dword ptr fs:[00000030h]0_2_018669C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018049D0 mov eax, dword ptr fs:[00000030h]0_2_018049D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189A9D3 mov eax, dword ptr fs:[00000030h]0_2_0189A9D3
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C8918 mov eax, dword ptr fs:[00000030h]0_2_017C8918
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017C8918 mov eax, dword ptr fs:[00000030h]0_2_017C8918
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185E9E0 mov eax, dword ptr fs:[00000030h]0_2_0185E9E0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018029F9 mov eax, dword ptr fs:[00000030h]0_2_018029F9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018029F9 mov eax, dword ptr fs:[00000030h]0_2_018029F9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E908 mov eax, dword ptr fs:[00000030h]0_2_0184E908
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184E908 mov eax, dword ptr fs:[00000030h]0_2_0184E908
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185C912 mov eax, dword ptr fs:[00000030h]0_2_0185C912
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h]0_2_017DA9D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h]0_2_017DA9D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h]0_2_017DA9D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h]0_2_017DA9D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h]0_2_017DA9D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h]0_2_017DA9D0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0186892B mov eax, dword ptr fs:[00000030h]0_2_0186892B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185892A mov eax, dword ptr fs:[00000030h]0_2_0185892A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01850946 mov eax, dword ptr fs:[00000030h]0_2_01850946
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D09AD mov eax, dword ptr fs:[00000030h]0_2_017D09AD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D09AD mov eax, dword ptr fs:[00000030h]0_2_017D09AD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h]0_2_017E29A0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181096E mov eax, dword ptr fs:[00000030h]0_2_0181096E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181096E mov edx, dword ptr fs:[00000030h]0_2_0181096E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0181096E mov eax, dword ptr fs:[00000030h]0_2_0181096E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185C97C mov eax, dword ptr fs:[00000030h]0_2_0185C97C
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01874978 mov eax, dword ptr fs:[00000030h]0_2_01874978
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01874978 mov eax, dword ptr fs:[00000030h]0_2_01874978
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185C89D mov eax, dword ptr fs:[00000030h]0_2_0185C89D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4859 mov eax, dword ptr fs:[00000030h]0_2_017D4859
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D4859 mov eax, dword ptr fs:[00000030h]0_2_017D4859
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E2840 mov ecx, dword ptr fs:[00000030h]0_2_017E2840
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h]0_2_017F2835
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h]0_2_017F2835
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h]0_2_017F2835
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2835 mov ecx, dword ptr fs:[00000030h]0_2_017F2835
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h]0_2_017F2835
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h]0_2_017F2835
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189A8E4 mov eax, dword ptr fs:[00000030h]0_2_0189A8E4
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C8F9 mov eax, dword ptr fs:[00000030h]0_2_0180C8F9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180C8F9 mov eax, dword ptr fs:[00000030h]0_2_0180C8F9
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185C810 mov eax, dword ptr fs:[00000030h]0_2_0185C810
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180A830 mov eax, dword ptr fs:[00000030h]0_2_0180A830
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187483A mov eax, dword ptr fs:[00000030h]0_2_0187483A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187483A mov eax, dword ptr fs:[00000030h]0_2_0187483A
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FE8C0 mov eax, dword ptr fs:[00000030h]0_2_017FE8C0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01800854 mov eax, dword ptr fs:[00000030h]0_2_01800854
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01866870 mov eax, dword ptr fs:[00000030h]0_2_01866870
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01866870 mov eax, dword ptr fs:[00000030h]0_2_01866870
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185E872 mov eax, dword ptr fs:[00000030h]0_2_0185E872
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185E872 mov eax, dword ptr fs:[00000030h]0_2_0185E872
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0887 mov eax, dword ptr fs:[00000030h]0_2_017D0887
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017CCB7E mov eax, dword ptr fs:[00000030h]0_2_017CCB7E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01884BB0 mov eax, dword ptr fs:[00000030h]0_2_01884BB0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01884BB0 mov eax, dword ptr fs:[00000030h]0_2_01884BB0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187EBD0 mov eax, dword ptr fs:[00000030h]0_2_0187EBD0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FEB20 mov eax, dword ptr fs:[00000030h]0_2_017FEB20
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FEB20 mov eax, dword ptr fs:[00000030h]0_2_017FEB20
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185CBF0 mov eax, dword ptr fs:[00000030h]0_2_0185CBF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FEBFC mov eax, dword ptr fs:[00000030h]0_2_017FEBFC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8BF0 mov eax, dword ptr fs:[00000030h]0_2_017D8BF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8BF0 mov eax, dword ptr fs:[00000030h]0_2_017D8BF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8BF0 mov eax, dword ptr fs:[00000030h]0_2_017D8BF0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h]0_2_0184EB1D
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01898B28 mov eax, dword ptr fs:[00000030h]0_2_01898B28
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01898B28 mov eax, dword ptr fs:[00000030h]0_2_01898B28
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0BCD mov eax, dword ptr fs:[00000030h]0_2_017D0BCD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0BCD mov eax, dword ptr fs:[00000030h]0_2_017D0BCD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0BCD mov eax, dword ptr fs:[00000030h]0_2_017D0BCD
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F0BCB mov eax, dword ptr fs:[00000030h]0_2_017F0BCB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F0BCB mov eax, dword ptr fs:[00000030h]0_2_017F0BCB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F0BCB mov eax, dword ptr fs:[00000030h]0_2_017F0BCB
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0BBE mov eax, dword ptr fs:[00000030h]0_2_017E0BBE
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0BBE mov eax, dword ptr fs:[00000030h]0_2_017E0BBE
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01884B4B mov eax, dword ptr fs:[00000030h]0_2_01884B4B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01884B4B mov eax, dword ptr fs:[00000030h]0_2_01884B4B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01878B42 mov eax, dword ptr fs:[00000030h]0_2_01878B42
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01866B40 mov eax, dword ptr fs:[00000030h]0_2_01866B40
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01866B40 mov eax, dword ptr fs:[00000030h]0_2_01866B40
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0189AB40 mov eax, dword ptr fs:[00000030h]0_2_0189AB40
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187EB50 mov eax, dword ptr fs:[00000030h]0_2_0187EB50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_018A4A80 mov eax, dword ptr fs:[00000030h]0_2_018A4A80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01808A90 mov edx, dword ptr fs:[00000030h]0_2_01808A90
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0A5B mov eax, dword ptr fs:[00000030h]0_2_017E0A5B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017E0A5B mov eax, dword ptr fs:[00000030h]0_2_017E0A5B
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01826AA4 mov eax, dword ptr fs:[00000030h]0_2_01826AA4
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h]0_2_017D6A50
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F4A35 mov eax, dword ptr fs:[00000030h]0_2_017F4A35
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017F4A35 mov eax, dword ptr fs:[00000030h]0_2_017F4A35
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01826ACC mov eax, dword ptr fs:[00000030h]0_2_01826ACC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01826ACC mov eax, dword ptr fs:[00000030h]0_2_01826ACC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01826ACC mov eax, dword ptr fs:[00000030h]0_2_01826ACC
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01804AD0 mov eax, dword ptr fs:[00000030h]0_2_01804AD0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01804AD0 mov eax, dword ptr fs:[00000030h]0_2_01804AD0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017FEA2E mov eax, dword ptr fs:[00000030h]0_2_017FEA2E
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180AAEE mov eax, dword ptr fs:[00000030h]0_2_0180AAEE
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180AAEE mov eax, dword ptr fs:[00000030h]0_2_0180AAEE
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0185CA11 mov eax, dword ptr fs:[00000030h]0_2_0185CA11
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180CA24 mov eax, dword ptr fs:[00000030h]0_2_0180CA24
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0AD0 mov eax, dword ptr fs:[00000030h]0_2_017D0AD0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180CA38 mov eax, dword ptr fs:[00000030h]0_2_0180CA38
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8AA0 mov eax, dword ptr fs:[00000030h]0_2_017D8AA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8AA0 mov eax, dword ptr fs:[00000030h]0_2_017D8AA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0187EA60 mov eax, dword ptr fs:[00000030h]0_2_0187EA60
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180CA6F mov eax, dword ptr fs:[00000030h]0_2_0180CA6F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180CA6F mov eax, dword ptr fs:[00000030h]0_2_0180CA6F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0180CA6F mov eax, dword ptr fs:[00000030h]0_2_0180CA6F
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184CA72 mov eax, dword ptr fs:[00000030h]0_2_0184CA72
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_0184CA72 mov eax, dword ptr fs:[00000030h]0_2_0184CA72
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h]0_2_017DEA80
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_01806DA0 mov eax, dword ptr fs:[00000030h]0_2_01806DA0
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0D59 mov eax, dword ptr fs:[00000030h]0_2_017D0D59
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0D59 mov eax, dword ptr fs:[00000030h]0_2_017D0D59
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D0D59 mov eax, dword ptr fs:[00000030h]0_2_017D0D59
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8D59 mov eax, dword ptr fs:[00000030h]0_2_017D8D59
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8D59 mov eax, dword ptr fs:[00000030h]0_2_017D8D59
      Source: C:\Users\user\Desktop\YHcZGpLBUw.exeCode function: 0_2_017D8D59 mov eax, dword ptr fs:[00000030h]0_2_017D8D59
      Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.3.drBinary or memory string: msmpeng.exe
      Source: Amcache.hve.3.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.3.drBinary or memory string: MsMpEng.exe

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		1
      Process Injection      		1
      Virtualization/Sandbox Evasion      		OS Credential Dumping31
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      DLL Side-Loading      		2
      Software Packing      		LSASS Memory1
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
      Process Injection      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Deobfuscate/Decode Files or Information      		NTDS1
      System Information Discovery      		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
      Obfuscated Files or Information      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      YHcZGpLBUw.exe55%ReversingLabsWin32.Trojan.FormBook
      YHcZGpLBUw.exe100%AviraTR/Crypt.ZPACK.Gen
      YHcZGpLBUw.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://upx.sf.netAmcache.hve.3.drfalse
        		high

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1410997
        Start date and time:2024-03-18 14:42:27 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 21s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:8
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:YHcZGpLBUw.exe
        renamed because original name is a hash value
        Original Sample Name:d028e3b4d6ebc62c3c23bdb8d7e09f1dc85acda7547f9dea476ea8e3023e81f2.exe
        Detection:MAL
        Classification:mal76.troj.winEXE@2/5@0/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 89%
        • Number of executed functions: 8
        • Number of non-executed functions: 337
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 20.189.173.21
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing disassembly code.
        • VT rate limit hit for: YHcZGpLBUw.exe

        Simulations

        Behavior and APIs

        TimeTypeDescription
        14:43:30API Interceptor1x Sleep call for process: WerFault.exe modified

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_YHcZGpLBUw.exe_28fb9589501c8952afea72a3e035858c89af4d27_a9826182_d4ce248e-138e-49b3-b638-ba1787072a51\Report.wer

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):65536
        Entropy (8bit):0.6343922138102679
        Encrypted:false
        SSDEEP:96:H61StFQ+w5N4smhPc7yfbQXIDcQvc6QcEVcw3cE/n+HbHg6ZAX/d5FMT2SlPkpX6:B6+M4a0BU/gjEzuiFQ+Z24IO8P
        MD5:C331607E08564E0F745D953BD9336F5A
        SHA1:BA886E40C6DE44DFDAAB85A1AB3BCD541209BAB3
        SHA-256:52CC7839433DDE610F0D6D63CFDBE8E07418B8A69CA323148273D79ABD673F7F
        SHA-512:57A8B2EA7574C73F87595706EAE072A3BD1C00B4725936166A576F0B99DADB124154D1ACFD184EC0C9916BBDF5C221A82FA3BB2F48145D835DE64888FB00CC33
        Malicious:false
        Reputation:low
        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.5.2.4.3.0.0.2.5.1.9.0.9.8.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.5.2.4.3.0.0.2.9.8.7.8.5.0.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.4.c.e.2.4.8.e.-.1.3.8.e.-.4.9.b.3.-.b.6.3.8.-.b.a.1.7.8.7.0.7.2.a.5.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.5.3.3.d.2.6.c.-.1.7.3.a.-.4.3.8.3.-.8.d.f.8.-.6.f.f.a.f.2.e.4.a.6.4.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.Y.H.c.Z.G.p.L.B.U.w...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.2.c.-.0.0.0.1.-.0.0.1.4.-.b.a.2.d.-.b.1.3.a.3.a.7.9.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.b.a.e.8.d.2.d.a.f.e.0.9.f.3.f.0.6.0.6.1.b.f.0.3.3.6.d.d.7.b.d.0.0.0.0.f.f.f.f.!.0.0.0.0.0.b.a.a.6.7.4.5.3.d.4.5.c.8.2.e.b.c.a.e.8.4.d.5.7.1.2.4.b.2.b.d.2.3.7.7.9.5.d.6.!.Y.H.c.Z.G.p.L.B.U.w...e.x.e.....T.a.r.g.e.t.A.p.p.

        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D55.tmp.dmp

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:Mini DuMP crash report, 14 streams, Mon Mar 18 13:43:22 2024, 0x1205a4 type
        Category:dropped
        Size (bytes):23764
        Entropy (8bit):1.7956200748310671
        Encrypted:false
        SSDEEP:96:5m8eE3J6CQRhNe6pi7nh1LpiyESTn8hjWwEtUw5WIUfWIKHBIxcjOb:fqK2OBELhjWwEtdfCcS
        MD5:725EC96DE3FCE01ECD94E9F0D3506E73
        SHA1:9870A4E2DC7799DDA8D525025C0ACFBFD290DF59
        SHA-256:F198EEE3176CE425D94C1B25AA5E23ADD09EB372875A00C4C0EFCAF71DB93B32
        SHA-512:3BE2C17BE8316886CA67635CF5455119A7E4FAB14B833796DD99BD7B52906AF41D61A66673231E28EDB0E1F9E1E6A62D53C852CECBF7017845F613B913965AF2
        Malicious:false
        Reputation:low
        Preview:MDMP..a..... ........D.e............4...............<.......d...............T.......8...........T...........p...dS......................................................................................................eJ......L.......GenuineIntel............T.......,....D.e.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DD3.tmp.WERInternalMetadata.xml

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):8304
        Entropy (8bit):3.7011424469052905
        Encrypted:false
        SSDEEP:192:R6l7wVeJ4P6Xde6Y9kSU9h9/gmfeAprw89bRMsfebm:R6lXJA6U6Y+SU9h9/gmfeIRffD
        MD5:72124C7D88E1D883F9744591F4ECF3AE
        SHA1:22000C6A5F753CCF26398FC172EE6DF7686CA71D
        SHA-256:15A887B801249B497A5994847EC2A30494724B13E0CD00BBC9EEBB020B1C394B
        SHA-512:78375719C0CD9752E4C6580C61929351BF852332791F7D75D827B21EAA0A913195CE629E9D464E1F6DC7744816CDE5509F6155D1D97F6D9AC7B5E275ED6BCFC0
        Malicious:false
        Reputation:low
        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.4.4.<./.P.i.

        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E03.tmp.xml

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):4579
        Entropy (8bit):4.47877955992087
        Encrypted:false
        SSDEEP:48:cvIwWl8zsVJg77aI9UPWpW8VYe3Ym8M4JMMF/s+q8WNrdydd:uIjfvI7+e7V9qJfsRrdydd
        MD5:E01996DFCC3321D427CC56ADDF15FB5B
        SHA1:D9427B5C26828C4313D6C4F66BB3AA8FF904E9FC
        SHA-256:680F0FDC61047BEF4D5F4B7CD18D21C0693AB4F2E1171163D5E68BDFB5FB106D
        SHA-512:AE7176D2659060186C7D8A550AA605F243386F2A3D20EA79912E97D56AF036AC84ACC28E7E904108CF0A22A8E7789CCD985BBD277085FA22087ABDD0573E257A
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="240766" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

        C:\Windows\appcompat\Programs\Amcache.hve

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:MS Windows registry file, NT/2000 or above
        Category:dropped
        Size (bytes):1835008
        Entropy (8bit):4.465464474431474
        Encrypted:false
        SSDEEP:6144:TIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN3dwBCswSbIn:EXD94+WlLZMM6YFHZ+In
        MD5:6B58F4DD9876964E7E997552CBF98B42
        SHA1:8B6D3DB510F1CECC7119F1F850FF0A549175138B
        SHA-256:5CE6208E9B55739C87FBE6213018892F3848089F23BC07DF3019E2C3ECE2E0D7
        SHA-512:69B7FC0098F23A71F3FF7A7B0746297A87976F77B6F8F133B9F7187F03282F24EA1243FCC25272E05A7E3595C7D528DB6815EB76CA1D2C78616012C8AEF7A201
        Malicious:false
        Reputation:low
        Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm"..>:y...............................................................................................................................................................................................................................................................................................................................................y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.990577316544992
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.98%
        • DOS Executable Generic (2002/1) 0.02%
        File name:YHcZGpLBUw.exe
        File size:269'824 bytes
        MD5:0cb08733be50d8a3c7685beb4aa1a65e
        SHA1:0baa67453d45c82ebcae84d57124b2bd237795d6
        SHA256:d028e3b4d6ebc62c3c23bdb8d7e09f1dc85acda7547f9dea476ea8e3023e81f2
        SHA512:00c849ce072b8620064cd9cd3e217eb6bb585c135e6c056e6ed7a2f2729f9f72e3b7bc4f464268f8faf854da659516d1ecbb16cb144c57873e907e410e800fbb
        SSDEEP:6144:WIpyokk3Wqs0dNY68zsm8ZAac8YVDi2n6+/2dGzA1gPabqa8arHPSe:WrOjdNZ8zsmyeVn6yA1SaO4rPSe
        TLSH:3D4423C507DAC20AD0B15DBE254E1067A57EEF6FAB0C1343BD19FBB15184A720B0D69B
        File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L....(.V.....................................0....@................

        File Icon

        Icon Hash:90cececece8e8eb0

        Static PE Info

        General

        Entrypoint:0x4015c0
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x56E228D9 [Fri Mar 11 02:09:29 2016 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:

        Entrypoint Preview

        Instruction
        push ebp
        mov ebp, esp
        sub esp, 0000030Ch
        push ebx
        push esi
        push edi
        push 000002ECh
        lea eax, dword ptr [ebp-00000308h]
        push 00000000h
        push eax
        mov dword ptr [ebp-0000030Ch], 00000000h
        call 00007F47A1A28E9Ch
        add esp, 0Ch
        xor edi, edi
        xor ebx, ebx
        mov ecx, 000000EFh
        mov dword ptr [ebp-04h], ebx
        mov dword ptr [ebp-14h], ebx
        mov dword ptr [ebp-10h], ebx
        mov dword ptr [ebp-1Ch], 000075F9h
        mov dword ptr [ebp-08h], 00004F69h
        mov dword ptr [ebp-0Ch], ebx
        mov dword ptr [ebp-18h], 00003011h
        mov esi, 000076EBh
        jmp 00007F47A1A27265h
        lea ecx, dword ptr [ecx+00h]
        mov eax, 4325C53Fh
        imul esi
        sar edx, 04h
        mov esi, edx
        shr esi, 1Fh
        add esi, edx
        jne 00007F47A1A2724Fh
        mov eax, 0000385Ah
        cdq
        and edx, 1Fh
        add eax, edx
        sar eax, 05h
        test eax, eax
        jne 00007F47A1A27255h
        mov eax, 00007D4Eh
        mov edx, 000000A7h
        nop
        cmp ecx, edx
        cmovl ecx, edx
        dec eax
        jne 00007F47A1A2725Ah
        mov esi, 00007FBEh
        lea ecx, dword ptr [ecx+00h]
        mov eax, 2E8BA2E9h
        imul esi
        sar edx, 05h
        mov esi, edx
        shr esi, 1Fh
        add esi, edx
        jne 00007F47A1A2724Fh
        mov ecx, 00005949h
        mov edx, 00000080h
        mov eax, 000000BEh
        cmp eax, 00000080h

        Rich Headers

        Programming Language:
        • [C++] VS2012 build 50727
        • [ASM] VS2012 build 50727
        • [LNK] VS2012 build 50727

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000x419740x41a0022aad0e73096d0977a3bbb26916d2a71False0.9874107142857143data7.9948131187267615IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

        Network Behavior

        No network behavior found

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:14:43:16
        Start date:18/03/2024
        Path:C:\Users\user\Desktop\YHcZGpLBUw.exe
        Wow64 process (32bit):true
        Commandline:C:\Users\user\Desktop\YHcZGpLBUw.exe
        Imagebase:0x210000
        File size:269'824 bytes
        MD5 hash:0CB08733BE50D8A3C7685BEB4AA1A65E
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Yara matches:
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
        Reputation:low
        Has exited:true

        General

        Target ID:3
        Start time:14:43:22
        Start date:18/03/2024
        Path:C:\Windows\SysWOW64\WerFault.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 232
        Imagebase:0xa50000
        File size:483'680 bytes
        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:0.5%
          Dynamic/Decrypted Code Coverage:4.7%
          Signature Coverage:18.6%
          Total number of Nodes:86
          Total number of Limit Nodes:9
          execution_graph 91806 23b483 91807 23b49d 91806->91807 91810 1812df0 LdrInitializeThunk 91807->91810 91808 23b4c5 91810->91808 91811 23bc43 91812 23bcb2 91811->91812 91813 23bc64 91811->91813 91816 21b553 91813->91816 91815 23bcab 91817 21b578 91816->91817 91818 21b695 NtReadFile 91817->91818 91819 21b6cc 91818->91819 91819->91815 91820 2356c3 91821 2356d2 91820->91821 91822 235759 91821->91822 91823 235716 91821->91823 91826 235754 91821->91826 91828 23dbd3 91823->91828 91827 23dbd3 RtlFreeHeap 91826->91827 91827->91822 91831 23c093 91828->91831 91830 235726 91832 23c0ad 91831->91832 91833 23c0be RtlFreeHeap 91832->91833 91833->91830 91846 235333 91847 23534f 91846->91847 91848 235377 91847->91848 91849 23538b 91847->91849 91850 23bd83 NtClose 91848->91850 91856 23bd83 91849->91856 91852 235380 91850->91852 91853 235394 91859 23dcf3 RtlAllocateHeap 91853->91859 91855 23539f 91857 23bd9d 91856->91857 91858 23bdae NtClose 91857->91858 91858->91853 91859->91855 91860 23ecb3 91861 23ecc3 91860->91861 91862 23ecc9 91860->91862 91865 23dcb3 91862->91865 91864 23ecef 91868 23c043 91865->91868 91867 23dccb 91867->91864 91869 23c05d 91868->91869 91870 23c06e RtlAllocateHeap 91869->91870 91870->91867 91871 23ed13 91872 23dbd3 RtlFreeHeap 91871->91872 91873 23ed28 91872->91873 91874 23bb13 91875 23bb87 91874->91875 91876 23bb31 91874->91876 91879 21b323 91876->91879 91878 23bb80 91882 21b348 91879->91882 91880 21b465 NtCreateFile 91881 21b4a4 91880->91881 91881->91878 91882->91880 91883 23db53 91886 23beb3 91883->91886 91885 23db81 91887 23bed4 91886->91887 91889 23bf16 91886->91889 91891 21bde3 91887->91891 91889->91885 91890 23bf0f 91890->91885 91894 21be08 91891->91894 91892 21bf25 NtAllocateVirtualMemory 91893 21bf50 91892->91893 91893->91890 91894->91892 91834 211b80 91835 211b90 91834->91835 91838 23f173 91835->91838 91841 23d7d3 91838->91841 91840 211be0 91842 23d7f9 91841->91842 91844 23d82e 91842->91844 91845 22bce3 NtClose 91842->91845 91844->91840 91845->91844 91895 227b3b 91898 23c763 91895->91898 91897 227b0d 91900 23c77b 91898->91900 91899 23c79f 91899->91897 91900->91899 91905 23b4d3 91900->91905 91903 23dbd3 RtlFreeHeap 91904 23c807 91903->91904 91904->91897 91906 23b4ed 91905->91906 91909 1812c0a 91906->91909 91907 23b519 91907->91903 91910 1812c11 91909->91910 91911 1812c1f LdrInitializeThunk 91909->91911 91910->91907 91911->91907

          Executed Functions

          Function 0021B323 Relevance: 1.7, APIs: 1, Instructions: 188filenativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 14 21b323-21b387 call 219f23 call 219f33 19 21b465-21b49e NtCreateFile 14->19 20 21b38d-21b3d2 call 219fc3 call 23f1f2 call 219e93 call 23f1f2 14->20 22 21b4a4-21b4ab 19->22 23 21b53b-21b547 19->23 42 21b3dd-21b3e3 20->42 24 21b4b6-21b4bc 22->24 27 21b4e4-21b4e8 24->27 28 21b4be-21b4e2 24->28 31 21b52a-21b538 call 219fc3 27->31 32 21b4ea-21b4f1 27->32 28->24 31->23 34 21b4fc-21b502 32->34 34->31 37 21b504-21b528 34->37 37->34 43 21b3e5-21b409 42->43 44 21b40b-21b40f 42->44 43->42 44->19 46 21b411-21b42c 44->46 47 21b437-21b43d 46->47 47->19 48 21b43f-21b463 47->48 48->47
          APIs
          • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0021B491
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 500878f671fe61987dd90d92febc642b4ba13a6ed93957f880f0439bcd5fe791
          • Instruction ID: 1904f060e2c1a795490fbeea73bce90fec8f2ea0377206a862ed3291adde6530
          • Opcode Fuzzy Hash: 500878f671fe61987dd90d92febc642b4ba13a6ed93957f880f0439bcd5fe791
          • Instruction Fuzzy Hash: 8C8139B1E14158DFCB05CFA9D890AEDBBF5AF4C304F1881A9E859A7341D734A992CF90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0021B553 Relevance: 1.7, APIs: 1, Instructions: 184filenativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 50 21b553-21b572 51 21b578-21b5b7 call 219f33 50->51 52 21b573 call 219f23 50->52 55 21b695-21b6c6 NtReadFile 51->55 56 21b5bd-21b602 call 219fc3 call 23f1f2 call 219e93 call 23f1f2 51->56 52->51 58 21b763-21b76f 55->58 59 21b6cc-21b6d3 55->59 78 21b60d-21b613 56->78 60 21b6de-21b6e4 59->60 62 21b6e6-21b70a 60->62 63 21b70c-21b710 60->63 62->60 66 21b752-21b760 call 219fc3 63->66 67 21b712-21b719 63->67 66->58 69 21b724-21b72a 67->69 69->66 73 21b72c-21b750 69->73 73->69 79 21b615-21b639 78->79 80 21b63b-21b63f 78->80 79->78 80->55 82 21b641-21b65c 80->82 83 21b667-21b66d 82->83 83->55 84 21b66f-21b693 83->84 84->83
          APIs
          • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0021B6B9
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID: FileRead
          • String ID:
          • API String ID: 2738559852-0
          • Opcode ID: e706d4866d95d29cd2acff48d905b9bd33234efe2dd5e9aca1b7b872c74dea28
          • Instruction ID: c17e0f0207c36d0ad1c4e9017e777339ca8b413d931071dae6f063947d2d4fe7
          • Opcode Fuzzy Hash: e706d4866d95d29cd2acff48d905b9bd33234efe2dd5e9aca1b7b872c74dea28
          • Instruction Fuzzy Hash: 1D714AB1E14258DFCB05CFA9C890AEDBBF5AF9C304F188169E859A7341D734A992CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0021BDE3 Relevance: 1.7, APIs: 1, Instructions: 178memorynativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 86 21bde3-21be02 87 21be08-21be47 call 219f33 86->87 88 21be03 call 219f23 86->88 91 21bf25-21bf4a NtAllocateVirtualMemory 87->91 92 21be4d-21be92 call 219fc3 call 23f1f2 call 219e93 call 23f1f2 87->92 88->87 94 21bf50-21bf57 91->94 95 21bfe7-21bff3 91->95 114 21be9d-21bea3 92->114 97 21bf62-21bf68 94->97 99 21bf90-21bf94 97->99 100 21bf6a-21bf8e 97->100 101 21bfd6-21bfe4 call 219fc3 99->101 102 21bf96-21bf9d 99->102 100->97 101->95 105 21bfa8-21bfae 102->105 105->101 108 21bfb0-21bfd4 105->108 108->105 115 21bea5-21bec9 114->115 116 21becb-21becf 114->116 115->114 116->91 118 21bed1-21beec 116->118 119 21bef7-21befd 118->119 119->91 120 21beff-21bf23 119->120 120->119
          APIs
          • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0021BF3D
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID: AllocateMemoryVirtual
          • String ID:
          • API String ID: 2167126740-0
          • Opcode ID: 5d5cf2e7a6316d92f2c493bac182f6d1c903ba221cea83dca7692112376a515b
          • Instruction ID: 7ff3a3594a9d421c1b90f9b0e10e4a1f56069a903f06ab885679fb61be82db1f
          • Opcode Fuzzy Hash: 5d5cf2e7a6316d92f2c493bac182f6d1c903ba221cea83dca7692112376a515b
          • Instruction Fuzzy Hash: 32713AB1E14158DFCB05CFA9C890AEDBBF1AF59304F1880A9E459A7341D734A992CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0023BD83 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 127 23bd83-23bdbc call 214a03 call 23cdc3 NtClose
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID: Close
          • String ID:
          • API String ID: 3535843008-0
          • Opcode ID: 0411cf79be90d220f7e0068b6a6ef99ef38f0d5d4fbc70f9ae8bcf4e6ddd632b
          • Instruction ID: 869f2382c86f719e023045316161aa73365f0f72fe47557e7752682efe31d605
          • Opcode Fuzzy Hash: 0411cf79be90d220f7e0068b6a6ef99ef38f0d5d4fbc70f9ae8bcf4e6ddd632b
          • Instruction Fuzzy Hash: 86E08C722102047BD620FA59DC82FDBB7ACDFC5710F108459FA0CA7242CAB1B9108BF8
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 136 1812df0-1812dfc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: a9efdf416b95ef5c2006c012b51f17d293dbffb2088d5de79bfca56271637e4c
          • Instruction ID: b6459f3edac44bdf89660490404d8ab24c4872c40b9c9aff465eae100ee13c8e
          • Opcode Fuzzy Hash: a9efdf416b95ef5c2006c012b51f17d293dbffb2088d5de79bfca56271637e4c
          • Instruction Fuzzy Hash: A090023120141417D51271584505707004997D1341F95C412E5438558DDA568B96A222
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0023C093 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 0 23c093-23c0d4 call 214a03 call 23cdc3 RtlFreeHeap
          APIs
          • RtlFreeHeap.NTDLL(<6",?,?,?,00000000,<6",?,0022363C,?,?), ref: 0023C0CF
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID: FreeHeap
          • String ID: <6"
          • API String ID: 3298025750-2387350903
          • Opcode ID: 55406d649e17dc75e7d91490b665063f0f1ee2c75a1c1abc73bda08e35299cd1
          • Instruction ID: b2879375a29e101ffcda3c693c53f0d88f26bc3e3cef6427aecdeb8c0439e6cb
          • Opcode Fuzzy Hash: 55406d649e17dc75e7d91490b665063f0f1ee2c75a1c1abc73bda08e35299cd1
          • Instruction Fuzzy Hash: 42E012B66042147BD614EE59DC41FDB77ACEFC9710F108419F919A7241D670BD118BF4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0023C043 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 122 23c043-23c084 call 214a03 call 23cdc3 RtlAllocateHeap
          APIs
          • RtlAllocateHeap.NTDLL(?,0022F047,?,?,00000000,?,0022F047,?,?,?), ref: 0023C07F
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: 7bfa29b4b7dd69ce414ebbb871736f9c83abb323333f37fb5b919ef2fcae1fcb
          • Instruction ID: be26985936ac81554664a4b2997a5c00d2240511fff8f6dbdb887131173356b6
          • Opcode Fuzzy Hash: 7bfa29b4b7dd69ce414ebbb871736f9c83abb323333f37fb5b919ef2fcae1fcb
          • Instruction Fuzzy Hash: 5BE0E5B26442497BD614EE59EC41FDB77ACEF89710F10841AFA09A7242DA71B9208BB4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 132 1812c0a-1812c0f 133 1812c11-1812c18 132->133 134 1812c1f-1812c26 LdrInitializeThunk 132->134
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 6821069460c1346d77b167690b537749fbb404e49ead14cb2e7b36270e9c5721
          • Instruction ID: 9abed68a71e7f21ee72063e5296d6cea9277a80b7ede74f5c0e266b0cb339ce4
          • Opcode Fuzzy Hash: 6821069460c1346d77b167690b537749fbb404e49ead14cb2e7b36270e9c5721
          • Instruction Fuzzy Hash: 47B09B729015D5CADE12E7644609717794577D1701F25C061D3034641F4738C2D5E276
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Function 01852349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2160512332
          • Opcode ID: 32e67eac29a86e69931b0fe6a706837c6202a154f993a8fd876c7ac888c63953
          • Instruction ID: e22d66a33724d25415eeb6b4c94da776908a07403dda96bc1602e299c3e829fd
          • Opcode Fuzzy Hash: 32e67eac29a86e69931b0fe6a706837c6202a154f993a8fd876c7ac888c63953
          • Instruction Fuzzy Hash: 83928B71604346EBE761CE28C884B6BB7EAFB84754F04482DFE94D7251DB70EA44CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017C68B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-3089669407
          • Opcode ID: 391540af2d84f0f65b9828d63a17499b67292a130a08af13b43f91a35137913e
          • Instruction ID: ef99bd0481c7627432a55a4145b9333c5eabc652e43fc217af53d6a552843670
          • Opcode Fuzzy Hash: 391540af2d84f0f65b9828d63a17499b67292a130a08af13b43f91a35137913e
          • Instruction Fuzzy Hash: 648131B2D01229AF8B11EAD8DDD4EDEB7BDAB54710B544526FA01F7104E730EF058BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01875910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
          Download Yara Rule
          Strings
          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01875FE1
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0187635D
          • @, xrefs: 01876027
          • Control Panel\Desktop, xrefs: 0187615E
          • @, xrefs: 018761B0
          • PreferredUILanguagesPending, xrefs: 018761D2
          • @, xrefs: 018763A0
          • PreferredUILanguages, xrefs: 018763D1
          • LanguageConfiguration, xrefs: 01876420
          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01875A84
          • InstallLanguageFallback, xrefs: 01876050
          • @, xrefs: 0187647A
          • @, xrefs: 01876277
          • LanguageConfigurationPending, xrefs: 01876221
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
          • API String ID: 0-1325123933
          • Opcode ID: d1021e1cf5863e4cd1e3fe3b0b7f72d0440fb901d58bb3c03779ca8f54e7e5c8
          • Instruction ID: fe72cb5903fe1f91daa7b9645c1accf44ed7a6c1e903b9bc9927c98ea7692e3e
          • Opcode Fuzzy Hash: d1021e1cf5863e4cd1e3fe3b0b7f72d0440fb901d58bb3c03779ca8f54e7e5c8
          • Instruction Fuzzy Hash: 977269725087419FE325DF28C880B6BBBE9BBC8714F54492DFA99D7250E730DA05CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01808620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
          Download Yara Rule
          Strings
          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018454CE
          • undeleted critical section in freed memory, xrefs: 0184542B
          • 8, xrefs: 018452E3
          • Critical section address, xrefs: 01845425, 018454BC, 01845534
          • Address of the debug info found in the active list., xrefs: 018454AE, 018454FA
          • Critical section debug info address, xrefs: 0184541F, 0184552E
          • Invalid debug info address of this critical section, xrefs: 018454B6
          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0184540A, 01845496, 01845519
          • corrupted critical section, xrefs: 018454C2
          • double initialized or corrupted critical section, xrefs: 01845508
          • Critical section address., xrefs: 01845502
          • Thread identifier, xrefs: 0184553A
          • Thread is in a state in which it cannot own a critical section, xrefs: 01845543
          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018454E2
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
          • API String ID: 0-2368682639
          • Opcode ID: 6d5c65e63a404886b9ebe5d70ec052ae9ed3c8d2891c6f304a832a6d8a783a78
          • Instruction ID: ee40f0e787f32a41f7f3071e9a06d798941f657dec829e94d1d437be626d19ae
          • Opcode Fuzzy Hash: 6d5c65e63a404886b9ebe5d70ec052ae9ed3c8d2891c6f304a832a6d8a783a78
          • Instruction Fuzzy Hash: 05818BB1A01348EFDB60CF99C895BAEFBB9BB09B14F204119F504F7280D775AA40CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018029F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
          Download Yara Rule
          Strings
          • @, xrefs: 0184259B
          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01842506
          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018422E4
          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018425EB
          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01842624
          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01842412
          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01842498
          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01842409
          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01842602
          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018424C0
          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0184261F
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
          • API String ID: 0-4009184096
          • Opcode ID: 2b159785fe14f823caa6a284def5a938fde4603d30f08cafcc584dafe5bd37c8
          • Instruction ID: 7d616b67dd7af230feeb6a64b3b024f8ee374f586bf80511db00f979bc79c603
          • Opcode Fuzzy Hash: 2b159785fe14f823caa6a284def5a938fde4603d30f08cafcc584dafe5bd37c8
          • Instruction Fuzzy Hash: 05025DF1D0422D9BDB61DB58CD84BEAB7B9AB54304F0041DAA609E7281EB709F84CF59
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01800F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
          • API String ID: 0-360209818
          • Opcode ID: 335fec465082f0b83a6c909e953ec04e118fd449bd6b114bfb6fbac67abe2d7e
          • Instruction ID: df874b5f07db9d0108cc3156b3c644d67f3688e1a6a43598e07f4fd69cbb1b00
          • Opcode Fuzzy Hash: 335fec465082f0b83a6c909e953ec04e118fd449bd6b114bfb6fbac67abe2d7e
          • Instruction Fuzzy Hash: 406293B5A0022D8FEB65CF18CC447A9B7B6AF95324F5441DAD549EB280DB32ABD1CF40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01878B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
          • API String ID: 0-2515994595
          • Opcode ID: a918722500ec22520117a1c1398d694cc7ace1b337a6b5db6883e61c1853d9df
          • Instruction ID: 011302f9648a260cfa19288f14338b6a81cba12d8fe039db3016c9ee1c186708
          • Opcode Fuzzy Hash: a918722500ec22520117a1c1398d694cc7ace1b337a6b5db6883e61c1853d9df
          • Instruction Fuzzy Hash: 5B51BDB16083059BD329CF188848BABBBECFFD5754F544A2DAA99C3241E770D704CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018812ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
          • API String ID: 0-3591852110
          • Opcode ID: dbf069adf0f56962f43256378e444b93b87a84d9ae42235fd42b174d7a97b3ef
          • Instruction ID: b0e316d9228ea98c454129c977c3a79df5c544957716423130d385a4d9c4bc4f
          • Opcode Fuzzy Hash: dbf069adf0f56962f43256378e444b93b87a84d9ae42235fd42b174d7a97b3ef
          • Instruction Fuzzy Hash: 4E12AB70600646DFD725AF29C489BB6BBE5FF09714F18845DE486CB682DB34EA82CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EAD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
          • API String ID: 0-3197712848
          • Opcode ID: f15dd91d647cc16fa82e91658c740a01e5790d176295e2ca8d82b36e8980599f
          • Instruction ID: 5baf9a822fc41f223830d6409c00f2765d95472f8ce5b55789cfae39e1096386
          • Opcode Fuzzy Hash: f15dd91d647cc16fa82e91658c740a01e5790d176295e2ca8d82b36e8980599f
          • Instruction Fuzzy Hash: 9D12E4716083428FD325DF28C458BAAFBE4BFC9714F08466DF9859B291E734DA44CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CD34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
          • API String ID: 0-3532704233
          • Opcode ID: 45bb016ebb39b7799f81eb534b1d19b7df5e659e562052a4a1a6e818d989faea
          • Instruction ID: d50f9a7d0adef2a403cdeafeb3792bf1cee835f8fd392aaa7fbe94b63c9d432f
          • Opcode Fuzzy Hash: 45bb016ebb39b7799f81eb534b1d19b7df5e659e562052a4a1a6e818d989faea
          • Instruction Fuzzy Hash: AFB19D725083519BC726DF68C480A6BFBE8BF88B54F05493EF989D7240D770DA44CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01880CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
          • API String ID: 0-1357697941
          • Opcode ID: 524f8a51927dc579ad944b216320b7767a614cafb7e2540fc1091a0f60593df9
          • Instruction ID: 774ae4e1817b9b3d9ffadd6febb0be1a4dbce8f609603da9263c6ff9e3809264
          • Opcode Fuzzy Hash: 524f8a51927dc579ad944b216320b7767a614cafb7e2540fc1091a0f60593df9
          • Instruction Fuzzy Hash: D2F1BE71A00686EFDB25EF68C455BAAFBF5FF09714F04805DE585D7282C730AA4ACB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01880274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
          • API String ID: 0-1700792311
          • Opcode ID: 667bcadffc36d4355dc9d3717a412f76bf6db056306887a1b3a6b723a636a173
          • Instruction ID: 7a2a7d2e63cd473f90a200084fec6757d5fba0857696dd771d0afb9099b92b54
          • Opcode Fuzzy Hash: 667bcadffc36d4355dc9d3717a412f76bf6db056306887a1b3a6b723a636a173
          • Instruction Fuzzy Hash: C2D1CF7160068ADFDB22EF68C455AA9FBF1FF49718F18805DF445EB252C7349A89CB20
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018589B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
          Download Yara Rule
          Strings
          • VerifierFlags, xrefs: 01858C50
          • VerifierDlls, xrefs: 01858CBD
          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01858A3D
          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01858A67
          • AVRF: -*- final list of providers -*- , xrefs: 01858B8F
          • VerifierDebug, xrefs: 01858CA5
          • HandleTraces, xrefs: 01858C8F
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
          • API String ID: 0-3223716464
          • Opcode ID: 2c1da6b031180cf2b7c0d9c3a0879f25390f6f41e22016889fa111f543029803
          • Instruction ID: 4a242e82d1f05851f208b1c472cc2d7a86edc68bc6d8f15e87f5ce46dbf43b1b
          • Opcode Fuzzy Hash: 2c1da6b031180cf2b7c0d9c3a0879f25390f6f41e22016889fa111f543029803
          • Instruction Fuzzy Hash: 2D91F3B1A01716DFDB62DF2E8880B5AB7E9EB55B14F05045EFE45EB241D730AF008B92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017DEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
          • API String ID: 0-1109411897
          • Opcode ID: 9e84d6f7c8202506ca92c668bcf019ad2db03b4af1a1157cf71c4607a61dafdb
          • Instruction ID: 098b582aa3622f95072c9c5fd67ca282e57c49399f012cae41e096e9c5a959e9
          • Opcode Fuzzy Hash: 9e84d6f7c8202506ca92c668bcf019ad2db03b4af1a1157cf71c4607a61dafdb
          • Instruction Fuzzy Hash: 86A24A74A0562A8FDB65DF28CC887A9FBB5AF85304F1442E9D90EA7250DB359EC1CF40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CF172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-523794902
          • Opcode ID: 39ed681fd2fbc0465ababa110f0070c687dd0aa91c4ccbd0882f75417c127383
          • Instruction ID: 8ee3ac1c2cfc49f3b732708bf6df29d2c894d8253a9a527c290d7b046999d5b6
          • Opcode Fuzzy Hash: 39ed681fd2fbc0465ababa110f0070c687dd0aa91c4ccbd0882f75417c127383
          • Instruction Fuzzy Hash: 2842EE712087829FD716DF28C488A6AFBE6FF88B04F14456DF585CB252D730DA85CB52
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017DADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
          • API String ID: 0-4098886588
          • Opcode ID: fcb505a5fec915206c84faa45b9a5b71e66604218342902863cffebf2c3b533a
          • Instruction ID: f7d9a15d51ea0c8cea0b940aae16f229da2ca3bbc686fd851e276d4675bd6a19
          • Opcode Fuzzy Hash: fcb505a5fec915206c84faa45b9a5b71e66604218342902863cffebf2c3b533a
          • Instruction Fuzzy Hash: FF32807190426D8BDF22CB18C898BEEFBB5BF86340F1541E9E849A7251DB759F818F40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EB1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
          • API String ID: 0-122214566
          • Opcode ID: 48a54717ab13f8a5629afd21165bf9a8a121e6d1f1273cf8bc9de652649880c9
          • Instruction ID: 21421fa591d4d9eccb7d1e8dd92829791f1b0e1fcfbe222941ceb191e2866e2d
          • Opcode Fuzzy Hash: 48a54717ab13f8a5629afd21165bf9a8a121e6d1f1273cf8bc9de652649880c9
          • Instruction Fuzzy Hash: 40C15B31A04216ABDB258F68C899B7EFFE5EF8A310F184169ED01DB691E774CE44C391
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018063FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
          • API String ID: 0-792281065
          • Opcode ID: 89a5727e7a8eb199de6d3b14ce549dd3379b8939b3293109bbcefebe63489278
          • Instruction ID: 39432629c7a31e51ea3777de6a29301aee13f7e86cb6d7edfee2f11f062a0b0e
          • Opcode Fuzzy Hash: 89a5727e7a8eb199de6d3b14ce549dd3379b8939b3293109bbcefebe63489278
          • Instruction Fuzzy Hash: AD911871B0171D9BEB26DF58DC84BAA7BA1BF50B18F250129EA00E72C5EB749701CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017C645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
          Download Yara Rule
          Strings
          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018299ED
          • LdrpInitShimEngine, xrefs: 018299F4, 01829A07, 01829A30
          • minkernel\ntdll\ldrinit.c, xrefs: 01829A11, 01829A3A
          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01829A01
          • apphelp.dll, xrefs: 017C6496
          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01829A2A
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-204845295
          • Opcode ID: 42ec2186bf959a2451cf295a296523f8726cdecd688741a57623fd0356dda105
          • Instruction ID: 29ee7f0339040213db13e6546e45ed177dd144fce12f35bd836dda59cae4134a
          • Opcode Fuzzy Hash: 42ec2186bf959a2451cf295a296523f8726cdecd688741a57623fd0356dda105
          • Instruction Fuzzy Hash: 385104716083149FD721DF24D895FABB7E8FB84B48F10091EF98697265DB30EA44CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • Loading import redirection DLL: '%wZ', xrefs: 01848170
          • LdrpInitializeProcess, xrefs: 0180C6C4
          • minkernel\ntdll\ldrredirect.c, xrefs: 01848181, 018481F5
          • minkernel\ntdll\ldrinit.c, xrefs: 0180C6C3
          • LdrpInitializeImportRedirection, xrefs: 01848177, 018481EB
          • Unable to build import redirection Table, Status = 0x%x, xrefs: 018481E5
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-475462383
          • Opcode ID: 49f4b41d683d7e415d9d0b25f9532c0f2e136a48cfd51936764fbfdfca14e4f0
          • Instruction ID: 9b2608f52fdf11b4fa62074354100d5a6a8692400fdff31907caabd1b29e85c8
          • Opcode Fuzzy Hash: 49f4b41d683d7e415d9d0b25f9532c0f2e136a48cfd51936764fbfdfca14e4f0
          • Instruction Fuzzy Hash: DC31F5B164474A9FC224EE68DD45E1AB794EF90B14F01055CF940AB295EB20EE04C7A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01802674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0184219F
          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01842178
          • RtlGetAssemblyStorageRoot, xrefs: 01842160, 0184219A, 018421BA
          • SXS: %s() passed the empty activation context, xrefs: 01842165
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018421BF
          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01842180
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
          • API String ID: 0-861424205
          • Opcode ID: 539ba441eaf2a2284babf8e309719a7e3150dc15e3d28bcb7c9688b0ab9dc3f4
          • Instruction ID: bbe57067eed31e1326f86fc843e7bdd9ce301d5e1e3059e5a7a53363ce13a218
          • Opcode Fuzzy Hash: 539ba441eaf2a2284babf8e309719a7e3150dc15e3d28bcb7c9688b0ab9dc3f4
          • Instruction Fuzzy Hash: 8D312B76F4021D77F7229A999C85F9BBB7ADBA4B90F054059BB04F7180D7B0AB00C7A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E9950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
          • API String ID: 0-3393094623
          • Opcode ID: 42bb1e82c14761387b9f150c10a29b8f31a836b75ea4118ac68d93bca0063522
          • Instruction ID: 1d3a714392ca199ebac51197066738464a22a8c3c08dc8f75ad71a8522a9a79b
          • Opcode Fuzzy Hash: 42bb1e82c14761387b9f150c10a29b8f31a836b75ea4118ac68d93bca0063522
          • Instruction Fuzzy Hash: 05024BB25083818FD721CF28C48876BFBE5BF88718F44895EEA99D7251E770D944CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0181096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
          Download Yara Rule
          APIs
            • Part of subcall function 01812DF0: LdrInitializeThunk.NTDLL ref: 01812DFA
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01810BA3
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01810BB6
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01810D60
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01810D74
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
          • String ID:
          • API String ID: 1404860816-0
          • Opcode ID: a8e97f5424a73a4358402485c98d4b0012f98d210e55f57069c330b7c2f4bed7
          • Instruction ID: 725e59e3c5bd6e7008c813963255086403446b9e3602464233663258df519827
          • Opcode Fuzzy Hash: a8e97f5424a73a4358402485c98d4b0012f98d210e55f57069c330b7c2f4bed7
          • Instruction Fuzzy Hash: B4425F76900719DFDB21CF28C840BAAB7F9FF48314F1445A9E989DB245DB70AA84CF61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01854F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
          • API String ID: 0-2518169356
          • Opcode ID: 37adf81e851152e6315fe4dd3c18e1487b5d6118f9140350d8574f03ab85bbe5
          • Instruction ID: c84d0814d11fc1ffac213fcad9d71aedd4e73d29d74721efdd8ba73ac390ed52
          • Opcode Fuzzy Hash: 37adf81e851152e6315fe4dd3c18e1487b5d6118f9140350d8574f03ab85bbe5
          • Instruction Fuzzy Hash: 6C91C072D0061ACBCB61CFACC881AAEBBB1FF49310F594169E811E7350E775DA41CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E70C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: f7e10e775921386853d6dbf995c21ed12b0f3178be097437d9696abe6533e018
          • Instruction ID: 3de6b87de2dc6de1e83f7c5fedaf71407b847ab590fbcd50cdedf131a6fee819
          • Opcode Fuzzy Hash: f7e10e775921386853d6dbf995c21ed12b0f3178be097437d9696abe6533e018
          • Instruction Fuzzy Hash: 8B13BF70A00655CFDB29CF68C8887A9FBF1FF49304F1881A9D949AB386D734A945CF91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EA840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
          Download Yara Rule
          Strings
          • SsHd, xrefs: 017EA885
          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01837D03
          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01837D39
          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01837D56
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
          • API String ID: 0-2905229100
          • Opcode ID: 4ab66ffa4d58a36b5a3f120cccec80868b93605c644abb0aa96b930b55d6cad7
          • Instruction ID: fda34dfde97078d172883e602c081aac261f2941f1c6a592de7421e63bc0b928
          • Opcode Fuzzy Hash: 4ab66ffa4d58a36b5a3f120cccec80868b93605c644abb0aa96b930b55d6cad7
          • Instruction Fuzzy Hash: F3D1AE75A0021A9FDB25CF98C8C4AADFBF1EF58310F19406AE905AB345D331DA91CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017DA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
          • API String ID: 0-379654539
          • Opcode ID: 951d0ac2a45e3ce64a67e8bee2b112ac3b893bdcfc8b123318e9bfe247643d30
          • Instruction ID: 90339fdb64d326b3ae54b9ec4297dbd961a07ccc7f9b9bfcf77ff1e75bb73c66
          • Opcode Fuzzy Hash: 951d0ac2a45e3ce64a67e8bee2b112ac3b893bdcfc8b123318e9bfe247643d30
          • Instruction Fuzzy Hash: 83C1697510838ACFD711CF58C044B6AB7F4BF84704F0489AAF996CB255E734DA4ACBA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01808402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
          Download Yara Rule
          Strings
          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0180855E
          • LdrpInitializeProcess, xrefs: 01808422
          • @, xrefs: 01808591
          • minkernel\ntdll\ldrinit.c, xrefs: 01808421
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1918872054
          • Opcode ID: 112b522e0300cfc1e109025b136f4ddd3ef57034190e24e644f16a8b44e45bcc
          • Instruction ID: 85c9f9957d946ff797bfb9efb9ee315e17fb913ee333e28746313eb46ae99a20
          • Opcode Fuzzy Hash: 112b522e0300cfc1e109025b136f4ddd3ef57034190e24e644f16a8b44e45bcc
          • Instruction Fuzzy Hash: 34919E71508749AFE722DF65CC81EABBAECBF89744F40092EF684D2195E730DA44CB52
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E0C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
          Download Yara Rule
          Strings
          • HEAP: , xrefs: 018354E0, 018355A1
          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 018355AE
          • HEAP[%wZ]: , xrefs: 018354D1, 01835592
          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018354ED
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
          • API String ID: 0-1657114761
          • Opcode ID: 89421b8b7e2fce771933227b06c841c5029e6a5c298abe4c8fc5cad13fff1cd1
          • Instruction ID: b3cbdb727426496eb60b52d1b505afe5dac73029cb96b9533707112b8f06ced3
          • Opcode Fuzzy Hash: 89421b8b7e2fce771933227b06c841c5029e6a5c298abe4c8fc5cad13fff1cd1
          • Instruction Fuzzy Hash: 62A1D17070060ADFD725CF68C4887BAFBE1AF58700F18856DF48ACB686D7B5A984C791
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
          Download Yara Rule
          Strings
          • .Local, xrefs: 018028D8
          • SXS: %s() passed the empty activation context, xrefs: 018421DE
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018422B6
          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018421D9, 018422B1
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
          • API String ID: 0-1239276146
          • Opcode ID: 9f6ca3a8f1e369330c2edc3b58179a74be4a0db8b86976d5f44b850d5b093e24
          • Instruction ID: 6beb8abea679f5daaaaf3913a653aba8cb9c5b0af4cbff6c90653681160d0fc9
          • Opcode Fuzzy Hash: 9f6ca3a8f1e369330c2edc3b58179a74be4a0db8b86976d5f44b850d5b093e24
          • Instruction Fuzzy Hash: 6DA1B13590022D9BDB66CF68DC88BA9B7B6BF58354F1441E9E908E7291D7709F80CF90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00211280 Relevance: 5.2, Strings: 4, Instructions: 236COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: a```$a```$gfff$gfff
          • API String ID: 0-3111149277
          • Opcode ID: 5e308c1231d39c27df485e3dc52f12f3f17b076c917dbe0a92a0917bbeb8c87b
          • Instruction ID: 98b8096a691f56519ab511446340266e0794a6f86fefff9ded91c38f76abd4c9
          • Opcode Fuzzy Hash: 5e308c1231d39c27df485e3dc52f12f3f17b076c917dbe0a92a0917bbeb8c87b
          • Instruction Fuzzy Hash: 4481C971E1060E87CF18CF99D8501EDB7B2FBE4304F54826AE915EF780E7759AA18B90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01804AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
          Download Yara Rule
          Strings
          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01843456
          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0184342A
          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01843437
          • RtlDeactivateActivationContext, xrefs: 01843425, 01843432, 01843451
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
          • API String ID: 0-1245972979
          • Opcode ID: b11edeec3a24de0c6fa1509cca91961bf52b98be9215595f16fe80faa22e0c61
          • Instruction ID: cf076c10e61f3d41288b64a334eb5df46c98a9ed000c47b64b895600b6cfd3ca
          • Opcode Fuzzy Hash: b11edeec3a24de0c6fa1509cca91961bf52b98be9215595f16fe80faa22e0c61
          • Instruction Fuzzy Hash: 29612672640B1A9BD723CF1CC891B6AB7E5FFA0B50F148519EE55DB281CB30EA41CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
          Download Yara Rule
          Strings
          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0183106B
          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018310AE
          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01831028
          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01830FE5
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
          • API String ID: 0-1468400865
          • Opcode ID: 77f7e3dfa060dba90671552c1cb3285363aaf1204e2c74e4f032096ee4bbca96
          • Instruction ID: 18536e09284054216c9be672a3c36bdfcca8257be9c7d8b7bef581b87e1c7cba
          • Opcode Fuzzy Hash: 77f7e3dfa060dba90671552c1cb3285363aaf1204e2c74e4f032096ee4bbca96
          • Instruction Fuzzy Hash: 9471D2B19043099FCB21DF18C884B9BBFA9EF95764F540468F9498B24AD734D6C8CBD2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
          Download Yara Rule
          Strings
          • LdrpDynamicShimModule, xrefs: 0183A998
          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0183A992
          • minkernel\ntdll\ldrinit.c, xrefs: 0183A9A2
          • apphelp.dll, xrefs: 017F2462
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-176724104
          • Opcode ID: 5ec33cff8cf4030134c0f0ba19603a49379e183a111b1f1e77944bae61b67ead
          • Instruction ID: 9c46732aaaecb57ad4c470b73188c0ecd5935b991b324b8a1a6178079674831f
          • Opcode Fuzzy Hash: 5ec33cff8cf4030134c0f0ba19603a49379e183a111b1f1e77944bae61b67ead
          • Instruction Fuzzy Hash: CA313572A00201AFDB359F5D9885ABABBB5FBC0B04F29406DE950E7345D7B09B42CB80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
          Download Yara Rule
          Strings
          • HEAP: , xrefs: 017E3264
          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017E327D
          • HEAP[%wZ]: , xrefs: 017E3255
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
          • API String ID: 0-617086771
          • Opcode ID: 18e7a58c45b84d6319a6814a412a8d65329212d7a1eedbc4d621670ffbe1dc1b
          • Instruction ID: 46cf24c25fde5643f41970d29fcbd8f25a06ca4bbc96ec8f5972b8f2c6eee937
          • Opcode Fuzzy Hash: 18e7a58c45b84d6319a6814a412a8d65329212d7a1eedbc4d621670ffbe1dc1b
          • Instruction Fuzzy Hash: 5792BD71A046499FEB25CF68C448BAEFBF5FF48300F188099E959AB392D735A941CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018602C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: """"$MitigationAuditOptions$MitigationOptions
          • API String ID: 0-1670051934
          • Opcode ID: 896cf63ec496b4b5ad010f500eabdf6aea144b646887d59d54990264ccabe266
          • Instruction ID: 34257800a8931064a2750246c3a633e09d001e8333e4e96f8c791b53645bcc0f
          • Opcode Fuzzy Hash: 896cf63ec496b4b5ad010f500eabdf6aea144b646887d59d54990264ccabe266
          • Instruction Fuzzy Hash: 0222BE72A047068FD724CF2DC991626BBEABBC4314F24892EF2DAC7650D771EA04CB45
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-4253913091
          • Opcode ID: bc919dac12b06bf190528f0b220d9329fc9566e274a57d7b8583b1c3e2ff2da4
          • Instruction ID: 871ae6b16bbc5ef441b4f4dab3321d323320f66dd190b280494d35129d76da29
          • Opcode Fuzzy Hash: bc919dac12b06bf190528f0b220d9329fc9566e274a57d7b8583b1c3e2ff2da4
          • Instruction Fuzzy Hash: 79F18B70700606DFEB25CF68C898B6AF7F5FB88304F1841A8E556DB385D774AA81CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D1460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
          Download Yara Rule
          Strings
          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 017D1728
          • HEAP: , xrefs: 017D1596
          • HEAP[%wZ]: , xrefs: 017D1712
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: 257fe6d273fbc4079c408ad8305eb0d49f2c2c3ee6d80e4a39106032c67decd4
          • Instruction ID: 372b2d142e279d6db836cfa27ed30fc8aeedb82838d7cf936133d1e5ae1146c0
          • Opcode Fuzzy Hash: 257fe6d273fbc4079c408ad8305eb0d49f2c2c3ee6d80e4a39106032c67decd4
          • Instruction Fuzzy Hash: E3E1E070A0425A9FDB29CF6CC451BBAFBF1AF48310F58849DE596CB246D734E940CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00212710 Relevance: 4.0, Strings: 3, Instructions: 296COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: VUUU$VUUU$gfff
          • API String ID: 0-2314002932
          • Opcode ID: 640a66519bffdb2c4a3c238ab4ae3b0f2fef393b583778828ae0313e5005e83a
          • Instruction ID: c3b40cdacf76576e6316f94b6bb6d3c9e21f0a5f1fd6735a5da50209485837f1
          • Opcode Fuzzy Hash: 640a66519bffdb2c4a3c238ab4ae3b0f2fef393b583778828ae0313e5005e83a
          • Instruction Fuzzy Hash: AB91D631B201168BDB1C8D1CCD912AAB2D6EBE8315F69813AF915CF3C1E534DDBA8780
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: $@
          • API String ID: 0-1077428164
          • Opcode ID: 08bb6d8ebdcc87d4ee68aca06bf14751efa69a10c12eb44f8d9af09b20102bc4
          • Instruction ID: 370839221f5d0c809cdd9665ef5d0fbf8c59a46626fe2fc279d15542106a8009
          • Opcode Fuzzy Hash: 08bb6d8ebdcc87d4ee68aca06bf14751efa69a10c12eb44f8d9af09b20102bc4
          • Instruction Fuzzy Hash: 0AC25C716083419FEB29CF28C841BABFBE5AF88714F04896DFA89D7341D734D9458B92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: FilterFullPath$UseFilter$\??\
          • API String ID: 0-2779062949
          • Opcode ID: 5ce5e1468482c9ee1f19307cceffa7fab7131495a041c3950ae779c6c76ba18f
          • Instruction ID: 674fe861b1c696b2adf89a14c2159ccc0ca4655a21370e1c54c2248525ba49ca
          • Opcode Fuzzy Hash: 5ce5e1468482c9ee1f19307cceffa7fab7131495a041c3950ae779c6c76ba18f
          • Instruction Fuzzy Hash: 09A13C719116399BDB229B68CC88BAEB7B9EF44710F1041E9DA09E7250D7359FC4CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
          Download Yara Rule
          Strings
          • LdrpCheckModule, xrefs: 0183A117
          • Failed to allocated memory for shimmed module list, xrefs: 0183A10F
          • minkernel\ntdll\ldrinit.c, xrefs: 0183A121
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
          • API String ID: 0-161242083
          • Opcode ID: c06d2c9e01f6ba784e01d0fa52054cba5cec7d69d86530bfe4a0490681b16e46
          • Instruction ID: 1c0a139f46e718d5779cd9750cc84b39baba32cf7e5521263dae0de9fe7f9111
          • Opcode Fuzzy Hash: c06d2c9e01f6ba784e01d0fa52054cba5cec7d69d86530bfe4a0490681b16e46
          • Instruction Fuzzy Hash: 5271BB71A002059FDB29DF68C985BBEF7F5EB84704F18406DEA42E7356E634AA41CB81
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00212ECA Relevance: 3.9, Strings: 3, Instructions: 199COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: gfff$gfff$gfff
          • API String ID: 0-4275324669
          • Opcode ID: 44a9e7d1456de5a80a0af246ffed4fd9cebe2d42c222dbd02f205bebf4bb1b17
          • Instruction ID: 3d88ddc079439b6258e7a79c9f96556a090d5b07880a5be4dd136b720f117320
          • Opcode Fuzzy Hash: 44a9e7d1456de5a80a0af246ffed4fd9cebe2d42c222dbd02f205bebf4bb1b17
          • Instruction Fuzzy Hash: 21513332B1010A8BDB1CCD1CDC512E976A2EBF8304F188179E949DF7C4E535AEA68B81
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00212ED0 Relevance: 3.9, Strings: 3, Instructions: 197COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: gfff$gfff$gfff
          • API String ID: 0-4275324669
          • Opcode ID: c7e6928cb746b601a30a0df0a267a567813c2bfb209ebf2425280b603bd1684b
          • Instruction ID: e546fc67759c523f04794b398b7412a28318a7e21cc071c346c30ee8159a893b
          • Opcode Fuzzy Hash: c7e6928cb746b601a30a0df0a267a567813c2bfb209ebf2425280b603bd1684b
          • Instruction Fuzzy Hash: CE513232B1010A8BDB1CCD1CDC512E976A2EBF8304F188179E949DF7C4E535AEA68B81
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-1334570610
          • Opcode ID: dc84b77b294265dcae5bf7fdcb1fe1477e7311b96df5c8e5638fea6c3e2ec766
          • Instruction ID: 3e0fc326a6a59bccf73e0298f71f79b19f128d088ccf62d36749c44d337837eb
          • Opcode Fuzzy Hash: dc84b77b294265dcae5bf7fdcb1fe1477e7311b96df5c8e5638fea6c3e2ec766
          • Instruction Fuzzy Hash: 5B616C707003059FDB29CF28C888B6AFBE5FF49704F188599E459CB296D7B0E981CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
          Download Yara Rule
          Strings
          • Failed to reallocate the system dirs string !, xrefs: 018482D7
          • LdrpInitializePerUserWindowsDirectory, xrefs: 018482DE
          • minkernel\ntdll\ldrinit.c, xrefs: 018482E8
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1783798831
          • Opcode ID: 5e3e0ce0fe42213e2d1f5b147c3d24a9feca8d130271c35786fdc8e5363f394f
          • Instruction ID: 29a9135d5f3840571756d0af9edc8644566f3c2d22cdb8d70284f7a2a4cf8b2a
          • Opcode Fuzzy Hash: 5e3e0ce0fe42213e2d1f5b147c3d24a9feca8d130271c35786fdc8e5363f394f
          • Instruction Fuzzy Hash: EA41E4B1544309AFC722EF6CDC48B5BB7E8EF48754F104A6AF944D3295EB70DA008B91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00211110 Relevance: 3.9, Strings: 3, Instructions: 137COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: VUUU$gfff$gfff
          • API String ID: 0-2692852535
          • Opcode ID: 668ce7441bb8cdbb41fe6d3edda7e6762658325e1af50eddb0f9c386fc22f1b4
          • Instruction ID: edaef7f91661f12d34051bd4e26cedea39866fefdfc3ac5586608a66b436d414
          • Opcode Fuzzy Hash: 668ce7441bb8cdbb41fe6d3edda7e6762658325e1af50eddb0f9c386fc22f1b4
          • Instruction Fuzzy Hash: 3E31076271011A07CB1C8D6EDC912E9B6D6DBE4355B4C8239EE09CF7C1E9359D7186C4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0021110B Relevance: 3.9, Strings: 3, Instructions: 126COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: VUUU$gfff$gfff
          • API String ID: 0-2692852535
          • Opcode ID: 31cf1e9706f47a4641e7e2ef853cc33288ce4ebf9d6c2fceb1800dfba1e75b21
          • Instruction ID: 109b72aa2a1b519c3be69b8259477a2433a5b069972dd6e18dc672727a743c5d
          • Opcode Fuzzy Hash: 31cf1e9706f47a4641e7e2ef853cc33288ce4ebf9d6c2fceb1800dfba1e75b21
          • Instruction Fuzzy Hash: B031056172011B07CB1C8D6EDC917EAB6D6DBE4751B488239EE0ACF3D1E934AD718684
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
          Download Yara Rule
          Strings
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0188C1C5
          • @, xrefs: 0188C1F1
          • PreferredUILanguages, xrefs: 0188C212
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
          • API String ID: 0-2968386058
          • Opcode ID: 4b86c40a97fb99d0bda84d7c5872a5106e33e6842192f08cceca66491e42a1aa
          • Instruction ID: b7d75ceb9d69d3ec98190a7e3b0396271731734047108d559c84b640ead10bab
          • Opcode Fuzzy Hash: 4b86c40a97fb99d0bda84d7c5872a5106e33e6842192f08cceca66491e42a1aa
          • Instruction Fuzzy Hash: 6E416272A00219EBDB11EAD8C895FEEBBB8AB54704F14416AE609F7284D7749B44CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01864144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
          • API String ID: 0-1373925480
          • Opcode ID: 794ac189471dd637eff2fd39360cc1bf586577416dcf7adefe6f7ebc4b878668
          • Instruction ID: 3035b421d691819514b56174e22b18e32c7a22730be6b3c6b73b116ab1f0d93c
          • Opcode Fuzzy Hash: 794ac189471dd637eff2fd39360cc1bf586577416dcf7adefe6f7ebc4b878668
          • Instruction Fuzzy Hash: FF413432A00648CBEB26DBE9C844BADBBFDFF55344F24045ADA01EB781DB358A41CB11
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01854755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01854888
          • minkernel\ntdll\ldrredirect.c, xrefs: 01854899
          • LdrpCheckRedirection, xrefs: 0185488F
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-3154609507
          • Opcode ID: 88f8b80bb76349c9d81a18ad7c88bb0731fa37053f393b7fa3f47d8b4ee5e04f
          • Instruction ID: 1dfadcafc4037cd1500415f6c4a346eb2e904fcb6413b527b9b5ea03dc6d6117
          • Opcode Fuzzy Hash: 88f8b80bb76349c9d81a18ad7c88bb0731fa37053f393b7fa3f47d8b4ee5e04f
          • Instruction Fuzzy Hash: E941F236A042559FCBA1CE2DD840A26BBE4FF89B54F06066DED48D7311F731EA80CB81
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-2558761708
          • Opcode ID: 28d47169e6aa3ca9ea555ba45ffb736b1ef4f5c4bfbed832aaff8ceef635104f
          • Instruction ID: 1dc05f5333da453d04da1150f1fb4934229cbbd1952d3da6af9b03b986c8b8d9
          • Opcode Fuzzy Hash: 28d47169e6aa3ca9ea555ba45ffb736b1ef4f5c4bfbed832aaff8ceef635104f
          • Instruction Fuzzy Hash: 0D11DCB1314102DFDB2DDA18C899B6AF3E4EF84B1AF18816DF406CB255DB70E941C791
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018520DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 01852104
          • LdrpInitializationFailure, xrefs: 018520FA
          • Process initialization failed with status 0x%08lx, xrefs: 018520F3
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2986994758
          • Opcode ID: 479575a4543021ce836316820146b9057b22d4e9d8a192b17b155e88de66f722
          • Instruction ID: 89e892586f8d799259fcb9d75b1343f0949d1764a73b5c3460c66690e0350e06
          • Opcode Fuzzy Hash: 479575a4543021ce836316820146b9057b22d4e9d8a192b17b155e88de66f722
          • Instruction Fuzzy Hash: 24F0C275680748BFE724E64DDC56FDA7769FB40B54F540069FA00AB286DAB0BB00CA91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: #%u
          • API String ID: 48624451-232158463
          • Opcode ID: a333961571e2970837bc67cecef485f85cf9b4d56d84d915988e7c165ba540d4
          • Instruction ID: 289d1c503e140239780ede4333fd7dcc6c981cb03f27f573601f179426c48eee
          • Opcode Fuzzy Hash: a333961571e2970837bc67cecef485f85cf9b4d56d84d915988e7c165ba540d4
          • Instruction Fuzzy Hash: 68714971A0014A9FDB01DFA8C994FAEB7F8FF48704F144065E905E7251EA34EE41CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E52A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$@
          • API String ID: 0-149943524
          • Opcode ID: ae25b353c56c6acdbb283e6a37000c5f1b776a2890834c556d821fe0dbf39aad
          • Instruction ID: b460cb655192d721dd3b7d9d595cc651e54c386f1a93dee104809fc3849c98bc
          • Opcode Fuzzy Hash: ae25b353c56c6acdbb283e6a37000c5f1b776a2890834c556d821fe0dbf39aad
          • Instruction Fuzzy Hash: 89329D785083159BD724CF18C48873EFBE1EF89B58F28491EFA8587290E774DA45CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017DA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
          Download Yara Rule
          Strings
          • LdrResSearchResource Enter, xrefs: 017DAA13
          • LdrResSearchResource Exit, xrefs: 017DAA25
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
          • API String ID: 0-4066393604
          • Opcode ID: 2c101bcd62d75fefb845f7fecc420954d2d350e7e1e5bdea2bcc1352a78533a0
          • Instruction ID: c03aca5edd1b2391bed0d8644ab5133e648256a0f7a6b6e772ef18c847919d3c
          • Opcode Fuzzy Hash: 2c101bcd62d75fefb845f7fecc420954d2d350e7e1e5bdea2bcc1352a78533a0
          • Instruction Fuzzy Hash: 57E18F71A0021DAFEB22CF98C980BAEFBBABF94310F144566ED01E7251D7749A41CB51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: `$`
          • API String ID: 0-197956300
          • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction ID: 4f0af97c8f1dd4bdc7df49a205b66cc396c1733a28986a73a6db4298164343f0
          • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction Fuzzy Hash: 83C1C3312043469BEB29CF28C845B6BBBE5BFC4318F184A2DF696C7291D775D605CB82
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
          Download Yara Rule
          Strings
          • Failed to retrieve service checksum., xrefs: 0182EE56
          • ResIdCount less than 2., xrefs: 0182EEC9
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
          • API String ID: 0-863616075
          • Opcode ID: 9ea593f6e928096e772554f79874a6dc1e032a36973aacb0ea716c43f56ba7a1
          • Instruction ID: eff5b7cf0dfbd6093bad172ad16971eb1db923adcf49b9e54aac474e9af6bdc5
          • Opcode Fuzzy Hash: 9ea593f6e928096e772554f79874a6dc1e032a36973aacb0ea716c43f56ba7a1
          • Instruction Fuzzy Hash: CBE1E2B19087449FE325CF25C080BABFBE0FB88714F40892EE5998B381D7709949CF56
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00212A50 Relevance: 2.7, Strings: 2, Instructions: 208COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: K$gfff
          • API String ID: 0-2646713004
          • Opcode ID: b5862214844fbb3abdf58bd38ef89b64896770257b1243d32dc73d86578efff3
          • Instruction ID: 22254c4186ab14d305e172a6814bb3a27d7d974a2da00b465b493bd4615a51d2
          • Opcode Fuzzy Hash: b5862214844fbb3abdf58bd38ef89b64896770257b1243d32dc73d86578efff3
          • Instruction Fuzzy Hash: E161C671B1110A8BCB1CCD49D8916EDB3E6EBE4309F18817AE905DF785EA349EB587C0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Legacy$UEFI
          • API String ID: 2994545307-634100481
          • Opcode ID: 2c97c1a2f8ab62e4b4a52199b3aa84e4593c73bc258386cf0293b4f608fb0594
          • Instruction ID: 31ade37f74386be67be2dafbb75c86b2957df036f3796f39ce61960eb1fb6503
          • Opcode Fuzzy Hash: 2c97c1a2f8ab62e4b4a52199b3aa84e4593c73bc258386cf0293b4f608fb0594
          • Instruction Fuzzy Hash: 5A615E71E0031D9FEB15DFA8C840BADBBB9FB48704F54406DE649EB251DB35AA00CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018743D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @$MUI
          • API String ID: 0-17815947
          • Opcode ID: 557f6fdedddb8872cfddc146d58cc8dfe012390d675534bc09cf3255c47b8b2b
          • Instruction ID: 6f81f6072f5dc845dd0d013ce70ba92182b9a60a047cff6a7fc34c3b1fb5fec5
          • Opcode Fuzzy Hash: 557f6fdedddb8872cfddc146d58cc8dfe012390d675534bc09cf3255c47b8b2b
          • Instruction Fuzzy Hash: FA5107B1E0021DAEDB11DFA9CC84AEEBBBDEB48754F100529E611F7294D7309A45CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
          Download Yara Rule
          Strings
          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017D063D
          • kLsE, xrefs: 017D0540
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
          • API String ID: 0-2547482624
          • Opcode ID: 8594278cd48478c818caf22f08dd89e1702b1379e8e4e46e40249bd8cb58d226
          • Instruction ID: 1192086a0967aafd97b65daa31b6e92244d5f85baa1f73309cf16d95dd6291ea
          • Opcode Fuzzy Hash: 8594278cd48478c818caf22f08dd89e1702b1379e8e4e46e40249bd8cb58d226
          • Instruction Fuzzy Hash: C051AC7150474A8FD724EF28C444AA7FBF4AF84314F24583EFAAA87241E770D545CBA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017DA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
          Download Yara Rule
          Strings
          • RtlpResUltimateFallbackInfo Enter, xrefs: 017DA2FB
          • RtlpResUltimateFallbackInfo Exit, xrefs: 017DA309
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
          • API String ID: 0-2876891731
          • Opcode ID: b99216c2e03c85c7475293dfaa2b15e1b566e9b5e9371f89e3b72534cd06199b
          • Instruction ID: 81719a24dceb63af4a48224a341ba2028937857010a61b463511dda1231519ad
          • Opcode Fuzzy Hash: b99216c2e03c85c7475293dfaa2b15e1b566e9b5e9371f89e3b72534cd06199b
          • Instruction Fuzzy Hash: B941B131A04649DBDB15CF5DC844B6EBBF6FF85704F2840A9E900DB291EBB5DA40CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Cleanup Group$Threadpool!
          • API String ID: 2994545307-4008356553
          • Opcode ID: e556f63ea5bfb5d4c4101e9b98508dd8e9cb047d5689ad205ec2c9a02cfa6358
          • Instruction ID: 44463e895dd5beb86a76dd7c0d67d143f0ba8ef85861b9b52d07e8aa9b6af25c
          • Opcode Fuzzy Hash: e556f63ea5bfb5d4c4101e9b98508dd8e9cb047d5689ad205ec2c9a02cfa6358
          • Instruction Fuzzy Hash: 7001D1B2240708AFD352DF14CD45F2677F8EB85B15F018939A658CB190E334DA04CB46
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017DC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: MUI
          • API String ID: 0-1339004836
          • Opcode ID: fe69640791552b9979754f966a0b27ab339f7b09b9558d2037f88c5101776590
          • Instruction ID: a3d2947250474db326745020d7b17bebba0e03b3c7aea5c56d933742cc2dd280
          • Opcode Fuzzy Hash: fe69640791552b9979754f966a0b27ab339f7b09b9558d2037f88c5101776590
          • Instruction Fuzzy Hash: C2825B75E0021D8FEB25CFA9C980BEDFBB5BF48310F1481A9E959AB395D7309981CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01822F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: P`vRbv
          • API String ID: 0-2392986850
          • Opcode ID: f4095619d4810f10cedb1a4da94396c72ce7146703cd0bf32b7de1c86a95bf3b
          • Instruction ID: f8d82a16a98f49a87b2d9bf6febffe5d766067db8c4016393bfa6ba242647ea6
          • Opcode Fuzzy Hash: f4095619d4810f10cedb1a4da94396c72ce7146703cd0bf32b7de1c86a95bf3b
          • Instruction Fuzzy Hash: AC42C371D0426AAEDF2BCBACD8646BDBBB1BB0D314F14801AED41E7291D6388BC1C750
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: @
          • API String ID: 0-2766056989
          • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction ID: 1f073478a53ee91cac32a4290e12e3267ede377689360eb7716e9420db250929
          • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction Fuzzy Hash: 37621770D012188FCB98DF9AC4D4AADB7B2FF8C311F648199E9816BB45C7356A16CF60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F2E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 5022ad96c41a6b060ab1a930885cb18527554d8889886f4c4c596f1aecbefe71
          • Instruction ID: 5db2cd6b2f11805ecab6726919427aab3338463aee9ba52274500a75e97d6d4e
          • Opcode Fuzzy Hash: 5022ad96c41a6b060ab1a930885cb18527554d8889886f4c4c596f1aecbefe71
          • Instruction Fuzzy Hash: 39F18B75608746CFDB26CF28C494A6BFBE1BF88710F08486DEA998B341DB34D945CB52
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00227C73 Relevance: 1.7, Strings: 1, Instructions: 423COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction ID: e1639079ed855deab8a6694e86f414854ceee19b34e46cddbbfe8f229f7e452c
          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction Fuzzy Hash: 81022EB6E006199FDB14CF99D8805DDFBF2FF88314F1AC1AAD849A7315D6746A418F80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D2FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: PATH
          • API String ID: 0-1036084923
          • Opcode ID: 4fd054d01847754862577a8f5787b94e9068dc1688930c8900b901aba21b5b8b
          • Instruction ID: 37ad099bfbd6764eee2d318764071691c86109e3bf0c9c38e476e9603a24f11b
          • Opcode Fuzzy Hash: 4fd054d01847754862577a8f5787b94e9068dc1688930c8900b901aba21b5b8b
          • Instruction Fuzzy Hash: EBF19DB1D002199FDB25CFA8D981ABEFBB5FF48700F544029E945AB344EB35A941CB62
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185EFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
          Download Yara Rule
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: __aullrem
          • String ID:
          • API String ID: 3758378126-0
          • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction ID: 7d7d07e9270ace2f7e4017df54a321f4620cab9bd3215aef6a643a2f585be9ef
          • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction Fuzzy Hash: 35419F71F001199BDF58DFBCC8805AEF7F2FF88314B288279DA15E7285E674AA518780
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 99329e44b5f9e004b769a3897dfc69ec87c74e8abd507064f94dcf3f770c63d3
          • Instruction ID: ea14f2896ad54b69f3d58893ef64dd011d157907045756ad51b0521ca0d423ef
          • Opcode Fuzzy Hash: 99329e44b5f9e004b769a3897dfc69ec87c74e8abd507064f94dcf3f770c63d3
          • Instruction Fuzzy Hash: 0FA13C31A0836D6BDF26CA28C844BFEFBB55F55344F0450ADFE87A7181CA74DA808B64
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01884420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: d6b8cfbc213fb5953aae119b1c52a7f769a52d50c75045e54c6afe74ee45090b
          • Instruction ID: 1fbb25d327a4d30cde434196821f7be89a8e19669abb47b06a7763b80d7a8ecc
          • Opcode Fuzzy Hash: d6b8cfbc213fb5953aae119b1c52a7f769a52d50c75045e54c6afe74ee45090b
          • Instruction Fuzzy Hash: 4FA10A3360136E6AEB34FA688844BFE7BA49F56758F044498BE46DB281D774CB44CA60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01856420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 46b36055f677547c1a898fe9f45cb42c0d81f0766164552a5b1ae7db66e6500c
          • Instruction ID: fe1976b26e595833fbe772eafa619b60f13a76e6f1edf79a270ddc9500c951a8
          • Opcode Fuzzy Hash: 46b36055f677547c1a898fe9f45cb42c0d81f0766164552a5b1ae7db66e6500c
          • Instruction Fuzzy Hash: 8A917372940219AFEB21DB95CC85FAEBBB8EF18754F600055F700EB295E674AE00CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 957986af8a9bcdf78a2f35536372b33a5474b2b185f23f1b095b1a83ec262189
          • Instruction ID: 4b912e8661e60db5fce23328fc8ef52db0b81cb73bc5b4d97c6e20535ae1e597
          • Opcode Fuzzy Hash: 957986af8a9bcdf78a2f35536372b33a5474b2b185f23f1b095b1a83ec262189
          • Instruction Fuzzy Hash: 7891A072900609BEDB22AFA9DC84FAFBBB9EF45744F100069F505E7251EB34DA01CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: GlobalTags
          • API String ID: 0-1106856819
          • Opcode ID: 302543a3e277a53e6a5f9eb18125658180fb6f2035a053ed0eabaaff085bafff
          • Instruction ID: a5a5f1e1fb7319ddef91e9a80966de523ec1a396ed1724b22910c12a9b717455
          • Opcode Fuzzy Hash: 302543a3e277a53e6a5f9eb18125658180fb6f2035a053ed0eabaaff085bafff
          • Instruction Fuzzy Hash: 71716BB5E0020E8FEF28CF9CC9906ADBBB1BF59714F24812AE505E7241EB318A41CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01874978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: .mui
          • API String ID: 0-1199573805
          • Opcode ID: 174a770b20aa18d7260c6b950528379c41360755463430703efbb9045f851528
          • Instruction ID: acf943690a9f1b33d3e680a35fc07ad377f3dce6abbb1f4c96979ff44a835ddc
          • Opcode Fuzzy Hash: 174a770b20aa18d7260c6b950528379c41360755463430703efbb9045f851528
          • Instruction Fuzzy Hash: D8518472D0022A9BDB11EF99D844AAEFBB4AF18B14F054169E912FB250D774DE01CBE4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: EXT-
          • API String ID: 0-1948896318
          • Opcode ID: 70a665b47ad3e43b28de7001010c2801ae36cdf12b50405d7aa5cde9153602cb
          • Instruction ID: 2789e94426bc37d7fc437fe6d1cac619bb15acb33d4b51bc4e8b7a554bad17a0
          • Opcode Fuzzy Hash: 70a665b47ad3e43b28de7001010c2801ae36cdf12b50405d7aa5cde9153602cb
          • Instruction Fuzzy Hash: 364191725483129BD710DA79D848B6BFBE8AF8C714F440E6DF684D7280EA74DA04C797
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: BinaryHash
          • API String ID: 0-2202222882
          • Opcode ID: 8e587b65f5ca8b81161858b00a6480e1b63ca7b63f9247bc04c2b59cbb114e4a
          • Instruction ID: ad30b7e1fa78be232b1e453a0b923eed95a94964ebcb10710e6761f7f81ef199
          • Opcode Fuzzy Hash: 8e587b65f5ca8b81161858b00a6480e1b63ca7b63f9247bc04c2b59cbb114e4a
          • Instruction Fuzzy Hash: 534154B2D0112DABDB21DA54CC84FDEB77DAB44714F0045A5EB08EB141DB709F898FA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01866B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: #
          • API String ID: 0-1885708031
          • Opcode ID: b752d7cda5f6ef76f848401d3b50d72da29a19f3b588beabf9cc223914c8c687
          • Instruction ID: 99aba85182f37b05e8dfad162e6f179fb25be84674f095ee1cda8e3cee7d0be0
          • Opcode Fuzzy Hash: b752d7cda5f6ef76f848401d3b50d72da29a19f3b588beabf9cc223914c8c687
          • Instruction Fuzzy Hash: 91312C31A00B899BDB22CB6DC854BAE7BACDF54704F244028E941EB286E775DA05CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: BinaryName
          • API String ID: 0-215506332
          • Opcode ID: e72b8000ef5afb7ba4d657c8ddf589937d3560104ac48964c26ec7faf2b7538a
          • Instruction ID: a05ea6882ab8e29fc7421ab5a8b49ea663d5d19625525d3c531f36ecf1d45869
          • Opcode Fuzzy Hash: e72b8000ef5afb7ba4d657c8ddf589937d3560104ac48964c26ec7faf2b7538a
          • Instruction Fuzzy Hash: 7531313690251EAFEB16CA48C844E6FFBB8EB80724F014029E901E7291DB309F00DBE0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0023E133 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: C#
          • API String ID: 0-1784912960
          • Opcode ID: 17889cdf593c009ff7a09b2d13378b935a518682ff7a369b43d260af43f1cbdc
          • Instruction ID: f94e983692873f4b3bc2ea0cbc9fa1ab3ac318150cfec919ddca134415f233eb
          • Opcode Fuzzy Hash: 17889cdf593c009ff7a09b2d13378b935a518682ff7a369b43d260af43f1cbdc
          • Instruction Fuzzy Hash: CE31DFB2B106265BD754CE3AC880656B7E1FB88350B558739D918C3B80E774FD65CBD0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
          Download Yara Rule
          Strings
          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0185895E
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
          • API String ID: 0-702105204
          • Opcode ID: 0946887d35e2285565052d689c1ce29725843981864aeeca01b404783d89c6af
          • Instruction ID: a9e2d4175cff0da6f66ba1ba5838d05fa8c27a13f4d37a8ba2911457251098af
          • Opcode Fuzzy Hash: 0946887d35e2285565052d689c1ce29725843981864aeeca01b404783d89c6af
          • Instruction Fuzzy Hash: 6401F7313002159FEB615A5BCCC8A66BFB6EFC6754B04001EFA4296151CB30AA41CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180E8F0 Relevance: 1.0, Instructions: 985COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7dc86e2cd0d3306bdd989cbd051508ec3ddbcf0d3ed6124d91dc08da75b0d7b3
          • Instruction ID: f810901eb167da9e029a4bcbeac1742b40061e28e6e93970ed00f0ddd444a858
          • Opcode Fuzzy Hash: 7dc86e2cd0d3306bdd989cbd051508ec3ddbcf0d3ed6124d91dc08da75b0d7b3
          • Instruction Fuzzy Hash: 52821472F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0181516C Relevance: .8, Instructions: 785COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8119f0750ee68df72b5376d08e7e92e450135ede01a428da64a356c6ab8b064d
          • Instruction ID: c8f51e680725bb81bfcc124fc837b445e216daa6980274d3faebe48e18146d74
          • Opcode Fuzzy Hash: 8119f0750ee68df72b5376d08e7e92e450135ede01a428da64a356c6ab8b064d
          • Instruction Fuzzy Hash: 7362A17390464AAFCF25CF08D4D14EEBB66BE92318B49C55CC89AA7609D370BB44CBD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01872000 Relevance: .8, Instructions: 757COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cbe3cba486dbb3a58240f7149d8e837a97bd697076a9a0c93b880938eef4e978
          • Instruction ID: 44838b425544c497f099bd9a67c94f28a73bbdfcd5ebf9d38e25e87cc6e782ca
          • Opcode Fuzzy Hash: cbe3cba486dbb3a58240f7149d8e837a97bd697076a9a0c93b880938eef4e978
          • Instruction Fuzzy Hash: 1F42D1326083419BE725CF68C890A6BFBE6FF88344F08092DFA96D7250D771DA45CB52
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0182739A Relevance: .7, Instructions: 705COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cf99d668ca335a2f4e1d52e0ff5123b9f15e2fdd4f3e7f41e49cbbbaf0f9e73c
          • Instruction ID: c8c6a8250fa6d0f01c7bc1e0d40e0d94c67a3d9cfbe7d848d4323337292b5db2
          • Opcode Fuzzy Hash: cf99d668ca335a2f4e1d52e0ff5123b9f15e2fdd4f3e7f41e49cbbbaf0f9e73c
          • Instruction Fuzzy Hash: CD428071A006268FDB16CF5EC4906AEFBB2FF98314B14856DE552EB341D734EA81CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FB2C0 Relevance: .6, Instructions: 629COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d2f41bb235e9fcc879964506d2b56d0e45579884afe8edbf27b71d5182af7d96
          • Instruction ID: b4262b4ac67d942505b4e6c7eea4ef0a53f383a4540bdc35e011db53cc778ce8
          • Opcode Fuzzy Hash: d2f41bb235e9fcc879964506d2b56d0e45579884afe8edbf27b71d5182af7d96
          • Instruction Fuzzy Hash: 6F329E72E00219DBDB24CFA8C994BBEBBB5FF94714F18006DE905AB391E7359901CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01868158 Relevance: .6, Instructions: 617COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7d5a4fe1101f77c72211bf34ea0100645723c3d95091aceae63387458a9aaf94
          • Instruction ID: a22478e1edda26c3f3bcf9a641b5309ad4b88e1f7e9c0314b223be18aa35cc4d
          • Opcode Fuzzy Hash: 7d5a4fe1101f77c72211bf34ea0100645723c3d95091aceae63387458a9aaf94
          • Instruction Fuzzy Hash: 94423B75A003198FEB25CF69C881BADBBF9BF49304F148199E94DEB242D7349A85CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E2840 Relevance: .6, Instructions: 605COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1babdcd1e72be32297e569930488ffea665999489f4d77429c770aee4975a4b6
          • Instruction ID: 18c426a66275e213be5d2db32d8bf7d3dc5e89f1a12c18d7df3083c68f190725
          • Opcode Fuzzy Hash: 1babdcd1e72be32297e569930488ffea665999489f4d77429c770aee4975a4b6
          • Instruction Fuzzy Hash: AF32AE70A00759ABDB25CF6DC8547BABBF2BF88304F28411DD586DB285E735AB41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187A118 Relevance: .6, Instructions: 591COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 86b6bd37c2718a901fdb4d67d2e85859e9a8434d5eb19af50edf3ae1b4f0f716
          • Instruction ID: 788ef849efa1dc6a4509162cb7c11612ba55e2c53580c1b2debe44df2a1a0650
          • Opcode Fuzzy Hash: 86b6bd37c2718a901fdb4d67d2e85859e9a8434d5eb19af50edf3ae1b4f0f716
          • Instruction Fuzzy Hash: FD22D1742046658BEB2DCF2DC09437ABBF1AF44344F0C8499E996CF286E335D692DB61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018916CC Relevance: .6, Instructions: 571COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bca365129dabb3cedd6bd2ec8c5750efa814891ab4c8dcf63d97591e078490e2
          • Instruction ID: 9410116fc17f42699400520f001d92bfe2c4b35632609029ad8da1dc3bf4b656
          • Opcode Fuzzy Hash: bca365129dabb3cedd6bd2ec8c5750efa814891ab4c8dcf63d97591e078490e2
          • Instruction Fuzzy Hash: D2229035B042178FDF19CF58C494AAAB7F2BF88324B18456DD956EB345DB30EA42CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FFB80 Relevance: .6, Instructions: 559COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fafa4d9b10bd49f9e32547b3b4d5bb88c97d4637ebb0ea29509c53a4e11a56be
          • Instruction ID: 6dca57930f8938a6c768ee3ade863bda437834a1d748e7a299584fb8798a01cf
          • Opcode Fuzzy Hash: fafa4d9b10bd49f9e32547b3b4d5bb88c97d4637ebb0ea29509c53a4e11a56be
          • Instruction Fuzzy Hash: 9422B575A0020A9FDB11DFA8C8847EFB7B5FF44300F248569EA15DB246EB74EA45CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F8DBF Relevance: .6, Instructions: 554COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: afed575969389de206cb439c51ac449cc068c10d2f939980cbfd56384dd9c98e
          • Instruction ID: 0415d2e1554985ceeb28d841a63caa7ff55c17a34970b6d3d8376f07373eb67f
          • Opcode Fuzzy Hash: afed575969389de206cb439c51ac449cc068c10d2f939980cbfd56384dd9c98e
          • Instruction Fuzzy Hash: 77224E70E0011A9BCB15CF99C4809BEFBF6BF88714B58815AEA45DB341E734EE41DBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D6A50 Relevance: .5, Instructions: 548COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 66652aca6e9bb018d99372a1a7505eee91bec1e6d0095299a0072cea8e697e68
          • Instruction ID: e6729b6dff4ee0e91c3797236e0237a8929d18e97cb142ef03daab9ca2bb63e8
          • Opcode Fuzzy Hash: 66652aca6e9bb018d99372a1a7505eee91bec1e6d0095299a0072cea8e697e68
          • Instruction Fuzzy Hash: 87327C71A04209CFDB25CF68C484AAAFBF2FF88310F2445A9E956EB351D774E941CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01892446 Relevance: .5, Instructions: 485COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b795b96fc36b8646441f2f3ccc09fa193dbffff75bb2b31164a84535a272583b
          • Instruction ID: 85e76f0b835fc8724f0d53da1296c0cc5afd42c00e92955791f3fe62b15691e6
          • Opcode Fuzzy Hash: b795b96fc36b8646441f2f3ccc09fa193dbffff75bb2b31164a84535a272583b
          • Instruction Fuzzy Hash: EE020134604655ABDF64CF2EC490379BBF2AF85304B1C819AE8D6DF682D334DA46DB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018941A2 Relevance: .5, Instructions: 452COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d4156aba4d6a253d2f8b3288e9f79b4c99eff7a5e5de732e53931231b72f73ca
          • Instruction ID: 404ec140cd5e700157d51e9cd8cfb5fd1c0d82e04eb1152198fba12416197ba8
          • Opcode Fuzzy Hash: d4156aba4d6a253d2f8b3288e9f79b4c99eff7a5e5de732e53931231b72f73ca
          • Instruction Fuzzy Hash: 000290B1E00219CFDF15CF98C6906ADBBB2FF48304F298169D556EB355D730AA42CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018AB16B Relevance: .4, Instructions: 450COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 81494055b251dd12ce72832c70f73094145a48cb7a57d983fd3a2f8ba798a6ab
          • Instruction ID: f45407fe48417d5e0a1f2d9cf51387bb5b6813e89c06fd4616e762ea46082c1c
          • Opcode Fuzzy Hash: 81494055b251dd12ce72832c70f73094145a48cb7a57d983fd3a2f8ba798a6ab
          • Instruction Fuzzy Hash: 9DF10672E006158FEB18CFADC99067DFBF5AF88310759416ED896DB381E634EA00CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00221753 Relevance: .4, Instructions: 435COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
          • Instruction ID: d033373f2daf72889585c362369e1b99f3157d370772d8b809b887978834f826
          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
          • Instruction Fuzzy Hash: 65026F73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA79BA525A90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018AA9A6 Relevance: .4, Instructions: 425COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6bb25ddbfc059d899fb4e1a001706642709f833b8a1b39b243cdea88892c71bf
          • Instruction ID: c7e1b544c51a40644bd71229297511d37c151b1f97f3df37ede7c762aa5517c1
          • Opcode Fuzzy Hash: 6bb25ddbfc059d899fb4e1a001706642709f833b8a1b39b243cdea88892c71bf
          • Instruction Fuzzy Hash: D7F1E372E005269BEB1DCEA8C5A05BDFBF5AF44300B59426AD856EB780D734EE41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F4A35 Relevance: .4, Instructions: 423COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction ID: 1b6c63ce8975351423e54f0968f8452a1d27abcb1bb7d6c38435fd159db905be
          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction Fuzzy Hash: 59F14B71E0021A9BDB15CFA9C584BAFFBB5AF48710F08816DEA06EB345E734D941CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01882F30 Relevance: .4, Instructions: 412COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7b0ac45bbe933952311de7934ef7dc4c93ebb29ade37981a487b75f25f415701
          • Instruction ID: 59da507f49dec9b09e0403385dae2c1729a739919371bf5997bb0b055b88348d
          • Opcode Fuzzy Hash: 7b0ac45bbe933952311de7934ef7dc4c93ebb29ade37981a487b75f25f415701
          • Instruction Fuzzy Hash: 6CE1F5359002869FDB24EFACD4407BEBBF2BF44B14F14841AE886EB281D735EA45CB51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0186892B Relevance: .4, Instructions: 386COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e6fab0867f2881f27b979e36ee0f55a8b235aa4b4f7faeb61eb2038d8de5e147
          • Instruction ID: fc4f33bcf9c6e68d282df1f6170dcd0773480753a8866096790eaf8f60472328
          • Opcode Fuzzy Hash: e6fab0867f2881f27b979e36ee0f55a8b235aa4b4f7faeb61eb2038d8de5e147
          • Instruction Fuzzy Hash: 2AD1E171A0070A8FDF15CF69C841AFEB7FAAF89304F188169D959E7241E735EA05CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D65D0 Relevance: .4, Instructions: 383COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e78b4f50c89325a6141449f36c18ef21d3665fa43d05bda927c8e5f3bdcf11de
          • Instruction ID: 3e8a48bf1b088b02c3551d390db5ba8993d075bc8c19f56a2cff65ae5b38d777
          • Opcode Fuzzy Hash: e78b4f50c89325a6141449f36c18ef21d3665fa43d05bda927c8e5f3bdcf11de
          • Instruction Fuzzy Hash: 92E17A716083468FC715CF28C494A6AFBF0BF89314F15896DF99987351EB31E905CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017C8397 Relevance: .4, Instructions: 380COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6edcca7d3bd33a3011686512c3b89bee270e7541db3ff95aed68c546431b5700
          • Instruction ID: 64401e788b030b9da4a3f2a760aa8fc9256785dcb312b704a0ae0e523d7b738c
          • Opcode Fuzzy Hash: 6edcca7d3bd33a3011686512c3b89bee270e7541db3ff95aed68c546431b5700
          • Instruction Fuzzy Hash: 64D1F271A0021A9BDB25CF68C880ABBF7F5FF54B04F04466DE916DB285EB34EA50CB51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FC6E0 Relevance: .4, Instructions: 367COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8c5d4f3c196372fb1d540f45538da4d7d393fa99a7f6c63d86e45a19854360ea
          • Instruction ID: 2acd484eeff7976a28e2b35040b9c53ce95d3c8ebc4261729adbd36b69f97d64
          • Opcode Fuzzy Hash: 8c5d4f3c196372fb1d540f45538da4d7d393fa99a7f6c63d86e45a19854360ea
          • Instruction Fuzzy Hash: 12D17D31E0421D8BEB2ACE9CC545BBEFBB1FB44310F18806ED642E7385D7749A458B95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E38E0 Relevance: .3, Instructions: 349COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 04385fe9f97d2c64ba2ff21e0b332060a3c48d618fdf4c8b61a34a668d02f36b
          • Instruction ID: 8c3e6b6937410d500787e9faea3b7214ab61f09917730f23dff2c1ba3d4eedf4
          • Opcode Fuzzy Hash: 04385fe9f97d2c64ba2ff21e0b332060a3c48d618fdf4c8b61a34a668d02f36b
          • Instruction Fuzzy Hash: D0E18F75A00205DFDB18CF59C494AAAFBF1FF88310F2981A9E556EB391D734EA41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01858243 Relevance: .3, Instructions: 322COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction ID: de6052908631eea0141d246928ef0687fd0fb4cf2de8feae7396142fbb2a9a61
          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction Fuzzy Hash: ECB1A374A006099FDB64DF9AC940EABBFB9FF85344F10445EAE42D7791DA70EA06CB10
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E0535 Relevance: .3, Instructions: 300COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction ID: 09f57b9a789d2587b36d9fb9471f040cd227f085f64cbf4be7f7cf2de1f120c9
          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction Fuzzy Hash: 45B1F6317006469FDB15DB68C858BBEFBF6AF88300F284599E652D7285D770EE41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D83C0 Relevance: .3, Instructions: 281COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 36da6d339d4e427fdff6d0cc1ef1fc2143b3e18b953597a3cb9502ce78f00876
          • Instruction ID: 18365b1ebacd7e5dd220bc918e135984e7cc4d05faf0959af248093ec1291f3a
          • Opcode Fuzzy Hash: 36da6d339d4e427fdff6d0cc1ef1fc2143b3e18b953597a3cb9502ce78f00876
          • Instruction Fuzzy Hash: 82C167702083458FE764CF19C484BAAFBF4BF88704F54496DE98987291D774EA09CFA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CC427 Relevance: .3, Instructions: 280COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e14083a4fb5b7d13dad46c1656da26fd2f13244966bf91f2c064d552c40f7b0a
          • Instruction ID: 86087506c86a622330d0c9febecc5f106f7a1bb021d4fc7dc52a0895c8b5b086
          • Opcode Fuzzy Hash: e14083a4fb5b7d13dad46c1656da26fd2f13244966bf91f2c064d552c40f7b0a
          • Instruction Fuzzy Hash: 4CB17F70A002668BDB25CF68D980BA9F3B5EF54700F2485EDD50EE7285EB349EC5CB21
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FE5E7 Relevance: .3, Instructions: 278COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f3158448b2a3889562323f8e77d5b5ea1f705aaa8cc681f77378ea9941b1e17d
          • Instruction ID: 97a2290bad565616285fd6678599801bb5b8225cba0f17710fb8972e717bae67
          • Opcode Fuzzy Hash: f3158448b2a3889562323f8e77d5b5ea1f705aaa8cc681f77378ea9941b1e17d
          • Instruction Fuzzy Hash: F8A11831E006599FEB21DB5CC844BAEBBB4AB40714F090165EB10EB3A1DB749E41CBD2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01810185 Relevance: .3, Instructions: 276COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b5129d4fca98a2ed4cf939b30bde5d6a812561fef275836283330765f94286a9
          • Instruction ID: 40a9243046416f222c097272e7cb77c7c18f3663288482f88b3cc5525b54d707
          • Opcode Fuzzy Hash: b5129d4fca98a2ed4cf939b30bde5d6a812561fef275836283330765f94286a9
          • Instruction Fuzzy Hash: C2A1D372B0061A9FDB25CF69C9D0BAAB7B9FF54318F104029FA45D7285DB34EA41CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018A4500 Relevance: .3, Instructions: 275COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eaeb634986763bc1b0e4cdf092d7ca11eee63cfd97dedf64860175162e3085d0
          • Instruction ID: ce84cf324f8d555102192e0b73578581b4cd8c179583c5d48603678328529fb3
          • Opcode Fuzzy Hash: eaeb634986763bc1b0e4cdf092d7ca11eee63cfd97dedf64860175162e3085d0
          • Instruction Fuzzy Hash: 2DA1EF72A00242DFEB21DF18C984B2ABBE9FF58704F990528F585DB651D3B4EE00CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018560E0 Relevance: .3, Instructions: 264COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d4d473efb40651fe549d3e3b73c15c42182171298fbaec207a3e0b31ef2f5f9c
          • Instruction ID: cd12a194a9f9226c4bf0d312e1c6c7fc9cd457d32586e72e0e702e8c6a573745
          • Opcode Fuzzy Hash: d4d473efb40651fe549d3e3b73c15c42182171298fbaec207a3e0b31ef2f5f9c
          • Instruction Fuzzy Hash: D5919471D0021AAFDF55CF68D884BBEBBB5EB48750F654159EA10EB341E734DA009BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EE3F0 Relevance: .3, Instructions: 261COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f46b76d105cac762d63e142a52151d1352da2badd3660d415963f67175ca845d
          • Instruction ID: a7e407f526d666384c5835ab27ff49610f6cbd2c098acdda0b1b6279ffab02db
          • Opcode Fuzzy Hash: f46b76d105cac762d63e142a52151d1352da2badd3660d415963f67175ca845d
          • Instruction Fuzzy Hash: 8E913531A00216CBEB24DB18C888B7AFBE1EF89714F2944A9ED05DB345FA74DA41C791
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01804750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction ID: 5a48a423ca0522efbeb3f4f3e74376b9659e2f6e33ac196c0557c4b731a6a64d
          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction Fuzzy Hash: D2816E21A842AD8FEB534D9CCCC126DBB60FF52314F284A7ADE42DB381C664DB46D391
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0181DBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
          • Instruction ID: 4693ba87eaa9ac4c4e4b2576dced834cf49d1af84664f60862216bff70950bf6
          • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
          • Instruction Fuzzy Hash: 2F918E73610A068FE725CF6DC889762BBE4FF55329B548B18D5E6CB6A4C335E611CB00
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189F7B0 Relevance: .2, Instructions: 242COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53df759f71e57453f8e6ad906d126a21b70b88dd100c70273c6510154fb81698
          • Instruction ID: 63c9b6ef20767940cca4efb2bcc6819cae3d1d6b96e0511e5e056c91bfac661d
          • Opcode Fuzzy Hash: 53df759f71e57453f8e6ad906d126a21b70b88dd100c70273c6510154fb81698
          • Instruction Fuzzy Hash: CF91E671A1021AAFEF19CF2CC84076ABFE5AF44314F188574EA55EB285D774EA41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189F43F Relevance: .2, Instructions: 241COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ff0785cae012bc8648defb7254c1d30b20b78c739cc9a5a8f9e62c98b3062d5c
          • Instruction ID: 72dc1b7c1beda2aa450e479355f34a60b8dc5d846cf04f3feb51b6180e6e9b85
          • Opcode Fuzzy Hash: ff0785cae012bc8648defb7254c1d30b20b78c739cc9a5a8f9e62c98b3062d5c
          • Instruction Fuzzy Hash: 3E91E272A002058FDF19CF79C890ABEBBF1EF88311F598169E915DB396D638DA05CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018981CC Relevance: .2, Instructions: 232COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bda67b5834f106b1782c5042091533006512735f8c4d3daeb965784525642a2c
          • Instruction ID: 0ab1d1c519f1f7616b2fd97e2b3c84c9468578b4aed4d4f8ac0b6f6406742cd3
          • Opcode Fuzzy Hash: bda67b5834f106b1782c5042091533006512735f8c4d3daeb965784525642a2c
          • Instruction Fuzzy Hash: 6D81A472E0051E9BCF14CFADC8805AEB7F1FF8A314B18426AD922E7284D774DA51DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E0E59 Relevance: .2, Instructions: 231COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4d5982a052591a7a881d9d414c5399ab307659bda0c0b27636462dc3c58024b4
          • Instruction ID: 5495e760fed613e018509db8378cb7e7f9c0bc4d4c0e6852e1e485183b35cebf
          • Opcode Fuzzy Hash: 4d5982a052591a7a881d9d414c5399ab307659bda0c0b27636462dc3c58024b4
          • Instruction Fuzzy Hash: EC81A171B001599FDB25CE6DC8889AEFBF2FFC9310B688295F8549B349D670E941CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01826ACC Relevance: .2, Instructions: 226COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b65fb5007be16ff03545c9e482012b84f9608858798499b9ba20128251d746e
          • Instruction ID: 11b52798193e29948634bca4696d4f48afe249948be6df99780d11b63f4c07c1
          • Opcode Fuzzy Hash: 9b65fb5007be16ff03545c9e482012b84f9608858798499b9ba20128251d746e
          • Instruction Fuzzy Hash: 678194B1E006299FDB19DF69C940ABEBBF9FB48700F14852EE855D7640E334DA80CB94
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188E4F6 Relevance: .2, Instructions: 224COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 68fcfadf9ba37230c974869f1355405ddec3d4491bf522e3f91cde2fe8a75cca
          • Instruction ID: 85a0426c7bb7d8e969f561dea0e2078034a619912fa5d8fc45873c132a557e8a
          • Opcode Fuzzy Hash: 68fcfadf9ba37230c974869f1355405ddec3d4491bf522e3f91cde2fe8a75cca
          • Instruction Fuzzy Hash: AA819172E002159FDB28DF98C5906ADFBF1EF89310B198169E916EB385D734DE41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189AB40 Relevance: .2, Instructions: 222COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction ID: f37dab843d5609bf2e0dac9940d0d752c9ef1b7a5705ad005542342f6d97cf24
          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction Fuzzy Hash: D6817071A0025A9FDF19CF9DC880AAEBBF2BF84314F188569D916DB384D734EA41CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180E284 Relevance: .2, Instructions: 212COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3e3d691b349f0dbb02c636e623cea4bf96b567319a6b0657c3e9758b03e25e58
          • Instruction ID: 620e856ec0294b9832d402eb1925ac8924f253b6d05db72915451dc5aaff4ac0
          • Opcode Fuzzy Hash: 3e3d691b349f0dbb02c636e623cea4bf96b567319a6b0657c3e9758b03e25e58
          • Instruction Fuzzy Hash: 60814E7190060DAFDB66CFA9C880AEBBBFAFF48354F114829E555E7250DB30AE45CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FB950 Relevance: .2, Instructions: 209COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 801c470ade25e96f7ba4e369635ce8907931be5cd2d495d38ce1d285a4bfadae
          • Instruction ID: 1f0cb620d6e324bce1f5cf391f712634fcc6c8469566037338e0bde4c1451d58
          • Opcode Fuzzy Hash: 801c470ade25e96f7ba4e369635ce8907931be5cd2d495d38ce1d285a4bfadae
          • Instruction Fuzzy Hash: 4A710930204250CFE724CE2DC980777B7E1AB84715F18859DEA96CB3C5E735EA06DBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EC640 Relevance: .2, Instructions: 206COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 31723899490cb4c2f84a26e19ba489648851c47e83b4b460a8367bbea5ab5aea
          • Instruction ID: eeef00a619eb9bb89d672f3fa716ddd9cdae977b5832abca946f8fd289124bed
          • Opcode Fuzzy Hash: 31723899490cb4c2f84a26e19ba489648851c47e83b4b460a8367bbea5ab5aea
          • Instruction Fuzzy Hash: 2771BFB99046659FCB268F59D5947FEFBF0FF89710F18425AE942AB350D3349A00CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018847A0 Relevance: .2, Instructions: 202COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 52c4467fec5272a0f6246730e97c0e970237a8302e2c02bfce6dd77c873663aa
          • Instruction ID: 175581f59f3242c82c9959b17a5a2304c0ef6bfcffb2c7cb1f6765918d81c3ff
          • Opcode Fuzzy Hash: 52c4467fec5272a0f6246730e97c0e970237a8302e2c02bfce6dd77c873663aa
          • Instruction Fuzzy Hash: 00716072900206EFDB20EF99D944A9AFBF9EF94700B25416AE710DB359E7328B44CF54
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E260B Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5cbfcce2f491509af8d7c4c0ee1da43550bffde3d704447ba20088417c7d80a3
          • Instruction ID: 27933cfe7adc004bd68bae6580258f487970a4de47c27a90f0f595245b794f73
          • Opcode Fuzzy Hash: 5cbfcce2f491509af8d7c4c0ee1da43550bffde3d704447ba20088417c7d80a3
          • Instruction Fuzzy Hash: 3871D0716042429FD312DF2CC488B2AF7E9FF88310F0885AAE999CB756DB34D945CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018970E9 Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b92744607ffd74fc47c0c6b19af4dd2fb2569a7056bb007c1aa6db391d7aa2c6
          • Instruction ID: 6c5c3d0b0fd5737f25f7933d3cd9d78ca0b53c2a4030c0c1ef0af252595c036d
          • Opcode Fuzzy Hash: b92744607ffd74fc47c0c6b19af4dd2fb2569a7056bb007c1aa6db391d7aa2c6
          • Instruction Fuzzy Hash: F761F871E2061B9BDF11AEE9C8859BFB7B9AF54304F18407AE912D7240EB70DB408F91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188F0CC Relevance: .2, Instructions: 199COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e8bada621564619cdaa6603921e5a210f922c146358d67bbba8731533cb0dd85
          • Instruction ID: e574e9721d9fbfb80ce024ab0e5daf307564e3fbaf1cdda1b6b49e3009ce3062
          • Opcode Fuzzy Hash: e8bada621564619cdaa6603921e5a210f922c146358d67bbba8731533cb0dd85
          • Instruction Fuzzy Hash: 93718878A00A26DFDB25DF59C08057AB7F1FF85704B64846EDA82D7640D770EB91CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185035C Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction ID: 6ff42e4badd8da84e7e365947a4b9af2b70a769a5b43a4b0bcb32b105af5e3fa
          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction Fuzzy Hash: 28716E71A00619EFDB10DFA9C984E9EBBF9FF48704F104569E905EB250DB34EA41CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018662A0 Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2fcebc1bba3f079980b90727a05c96f8d0a34b011ee6d193e0bbcd7559efe455
          • Instruction ID: b958c35d827b0fcabdc021b8f85337427885ffa17ae5e892c10574e3e00ceace
          • Opcode Fuzzy Hash: 2fcebc1bba3f079980b90727a05c96f8d0a34b011ee6d193e0bbcd7559efe455
          • Instruction Fuzzy Hash: 2C71F432200745AFEB328F18C984F56BBEAFF44764F244518E256CB2A1EB75EA44CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D8AA0 Relevance: .2, Instructions: 197COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9013c4a34e6e9dfc6fa2f9098a24d3348bd10134e96c9e1008e33fbcf33f3498
          • Instruction ID: 9c69786b30320767d0e12917abbcc79e2f09f6e1c2dbb1f28fcb27687a0e5a37
          • Opcode Fuzzy Hash: 9013c4a34e6e9dfc6fa2f9098a24d3348bd10134e96c9e1008e33fbcf33f3498
          • Instruction Fuzzy Hash: E481AD72A1431A8FDB25CF9CD894BADB7B2BF88314F19416DD900AB295C7749E81CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189132D Relevance: .2, Instructions: 188COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9ec7dc929b1cc563e3e285da1334e39fe06ac10acc9dda2872b454834408812a
          • Instruction ID: 0dbab4db81a2395249e6453ead697ede871272efe6914752f8b12c1ce10d69f3
          • Opcode Fuzzy Hash: 9ec7dc929b1cc563e3e285da1334e39fe06ac10acc9dda2872b454834408812a
          • Instruction Fuzzy Hash: CA815E75A04206DFCB09CF58C494AAEBBF1FF48310F1981A9E859EB355D734EA41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188A250 Relevance: .2, Instructions: 184COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4d4f5a486007bdbbe16f5fe8d447cf05a57e4acab38c28a11b3139ff3b4c389
          • Instruction ID: 9621fbf05f998e0352de289fede7a4bf9a7e7ceafcf609fbaadfb5d52ab8fc8a
          • Opcode Fuzzy Hash: a4d4f5a486007bdbbe16f5fe8d447cf05a57e4acab38c28a11b3139ff3b4c389
          • Instruction Fuzzy Hash: BA51C172505716AFD726EE6CC884E5BB7E8EBC5B54F00092ABA40DB190D770EE04C7A3
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189CE93 Relevance: .2, Instructions: 172COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction ID: 535c1ccd8aadf4f9e42457c72031bca58c059c71a191a217798f71d00f725523
          • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction Fuzzy Hash: FD5147327046028BDF11CE2CC85076BBBD6AFD1390F1D856DE996C7246DBB2DB0587A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00221533 Relevance: .2, Instructions: 165COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction ID: 3c933d931571075a91e0f6cd5b585e27a8b8df04a9f3a2582b46948e7872992a
          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction Fuzzy Hash: F25170B3E14A214BD3188E09CC40635B792FFD8312B5F81BADD199B357CA74E9529A90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0022152A Relevance: .2, Instructions: 162COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2fa805adc80eab3bcf20ba4512241d2850b75dcc7a8f2c9b4ad13a7a459d28a5
          • Instruction ID: 7a437a9fbaecf8948dd927ea0e76de61f60ab3c56824862890e99551413ba4f2
          • Opcode Fuzzy Hash: 2fa805adc80eab3bcf20ba4512241d2850b75dcc7a8f2c9b4ad13a7a459d28a5
          • Instruction Fuzzy Hash: 975192B3E14A214BD318CF09CC40635B692FFD8312B5F81BEDD1A9B357CA74E9529A90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01878350 Relevance: .2, Instructions: 161COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 92365fc8abfb938715dc04d1ab83aa398fcccdc086e1dd0ff14098e5a2414975
          • Instruction ID: ff06bb3f11335c26f3437d69f90a728f0fe6bb212612e763769eab8783a7da7e
          • Opcode Fuzzy Hash: 92365fc8abfb938715dc04d1ab83aa398fcccdc086e1dd0ff14098e5a2414975
          • Instruction Fuzzy Hash: 2B51CE70900709DFD721CF6AC888A6BFBF8BF95714F10461EE292976A1C7B0E645CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180E443 Relevance: .2, Instructions: 158COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 39697ce04fe6f0a2f6dca0379454e0446edd50bab1f73d58f7bbdc20ac05dee0
          • Instruction ID: df16e4ccd35df26eb6082cce893794373b8e4f0dda9ec394ffd0a1f01c6593cd
          • Opcode Fuzzy Hash: 39697ce04fe6f0a2f6dca0379454e0446edd50bab1f73d58f7bbdc20ac05dee0
          • Instruction Fuzzy Hash: AE516B71600A09DFCB22EF69C984E6BB3F9FF58744F41086AE552D72A0DB35EA50CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01874180 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a898abb720b5eb5fd7551334d55179a84d87eb89b37613489b0af63e628b5da4
          • Instruction ID: 4d152a1358d201efaf05045125c4c7fb1d5b69bfcf1f1f6b7c3753febab6c266
          • Opcode Fuzzy Hash: a898abb720b5eb5fd7551334d55179a84d87eb89b37613489b0af63e628b5da4
          • Instruction Fuzzy Hash: CF5146726083468FD754DF29C881A6BBBE5BFC8308F44492DF599C7250EB30DA05CB52
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F45B1 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction ID: 052e0562106824416a7b1194c28075b097fa86b7d161e76d6f524d876953df9b
          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction Fuzzy Hash: 17518B71E0420AABDF15DF98C444BAFBBB9AF48350F04406DEA02AB351E774DA44CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184D800 Relevance: .2, Instructions: 155COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0d8d192324bd686c7e0fc476754e791493f9d601b74fb878f6f0dc749cc54cad
          • Instruction ID: a10c49e670c02515f069e95816afa941bb009c7d3ce33f8ff5524064d4f5b921
          • Opcode Fuzzy Hash: 0d8d192324bd686c7e0fc476754e791493f9d601b74fb878f6f0dc749cc54cad
          • Instruction Fuzzy Hash: 2651C07460021AABEB14DF9DC480ABEBBF5FF65704F044269ED45DB780EB349A50CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185E9E0 Relevance: .2, Instructions: 154COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction ID: 6e23cd7c415419ecbf3dc07ce12206579d73b8f7eec758caf517b80caf0bd653
          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction Fuzzy Hash: 44519371D0021EABEF619E98CC84BAEFB79EB04365F154665DD12F7190E7309F408BA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01897571 Relevance: .2, Instructions: 153COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4f1a8f09e58d4c8e89796a8468eead563955dbc4af536887a2280c6a6046d03f
          • Instruction ID: 980c6a5b8b280de2dec4008b91a58c85ae04bccb9b74a43b8404cc8251e78ff4
          • Opcode Fuzzy Hash: 4f1a8f09e58d4c8e89796a8468eead563955dbc4af536887a2280c6a6046d03f
          • Instruction Fuzzy Hash: 79510571A1011AAFDF269B6CD844A6EBBB5FF88344F184129E902D7251DB74AF11CFC0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01898B28 Relevance: .2, Instructions: 152COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b2b0b1a91f2209e5abd14f00e609825a7e9f9d48a05f97aefb12c60b66aa5cf2
          • Instruction ID: 9e85108fe10ec648fead7fccfde651c210412fa3dcb4d08cb10024e60d2c5158
          • Opcode Fuzzy Hash: b2b0b1a91f2209e5abd14f00e609825a7e9f9d48a05f97aefb12c60b66aa5cf2
          • Instruction Fuzzy Hash: AA41E27070164A9BDF29DB2DC894F3BBB9AEF93324F0C8218E955C7281DB30DA01C691
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185CBF0 Relevance: .1, Instructions: 148COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3d6a26df9aa5d2274b02fba6d4fe6e42911dc2b1e2ed7a1aad6fc850c9e5d493
          • Instruction ID: 5399e1370e341d5f6b8b218f6bf72761054e2a64d990659389cde583d06ea039
          • Opcode Fuzzy Hash: 3d6a26df9aa5d2274b02fba6d4fe6e42911dc2b1e2ed7a1aad6fc850c9e5d493
          • Instruction Fuzzy Hash: 8E51697290031ADFCB60DFA9C9849AEBBB9FF48358B654529D945E3305E730AE01CF90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01855BF0 Relevance: .1, Instructions: 145COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fd100a5094f50cc9d7c9e4b874d2d46b9a0ad3c15232986eed6d702e7f7f521f
          • Instruction ID: c472f05c5c07bac659fd0a2310b700625726c291ff50b71480cf2964d8134d3f
          • Opcode Fuzzy Hash: fd100a5094f50cc9d7c9e4b874d2d46b9a0ad3c15232986eed6d702e7f7f521f
          • Instruction Fuzzy Hash: AD41EB32B403069BCBA5FBBDD84666EBAE1DF58B14B10053DEC02E7345EA74DB014B56
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180A430 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7d892b9836946318869c76e1517e6b9a2f144a13fe2c64a1595236f0e3f931c4
          • Instruction ID: 1a640d783de681149bbe2ed4f2d86d5936def6a26254877a16d33ccd8cd52f57
          • Opcode Fuzzy Hash: 7d892b9836946318869c76e1517e6b9a2f144a13fe2c64a1595236f0e3f931c4
          • Instruction Fuzzy Hash: C8410972A403099FCB6AEF6C9CC1B6A776ABB15718F01006DF956DB281EB719B008B51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189A9D3 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction ID: a21985ed1d8e504f8f5a586ba6ca9f1e0907174d4ceaa4bdaf074d2ff3d75e4b
          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction Fuzzy Hash: CE41E531A017169FDF29CF68C984A6AB7E9FF84314B09462EE912C7244EB34EE04C790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018001F8 Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 934de9dee63bc76e3ef01b3762bb82b70cafa04c5551eaa43ef99ad8ac5f7790
          • Instruction ID: c06924cf87f66f10e2f669eb7737f95f881db2a4b8b4301dea80f67c7a409bf2
          • Opcode Fuzzy Hash: 934de9dee63bc76e3ef01b3762bb82b70cafa04c5551eaa43ef99ad8ac5f7790
          • Instruction Fuzzy Hash: 6D41DC3290021D9BDB12DF98C840BEEBBB4BF49744F15812AF919F7280D7349E41CBA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FEBFC Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 57f9f432514beb20fa5b6a6e8f421ffe759f2a0d197c3fa955fbb067eed6d969
          • Instruction ID: cad8a05007b2cab08e84445496a7a52b280a180d5e2084ab4c28d79c7aad39d9
          • Opcode Fuzzy Hash: 57f9f432514beb20fa5b6a6e8f421ffe759f2a0d197c3fa955fbb067eed6d969
          • Instruction Fuzzy Hash: 7641C2726003018FD721DF28C888A2BB7E9FF88314F15486DE656C7726EB75E944CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812750 Relevance: .1, Instructions: 137COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction ID: 35d8b60455f601603b91d9431ba4f5db04fce24b4d15e3a9c8ef7446e1d641ed
          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction Fuzzy Hash: BA515C75A40219CFDB19CF58C480AAEF7B6FF84714F2481A9D916EB351EB70AE41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D6154 Relevance: .1, Instructions: 133COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 74ddd8ba1e691907978a24b41b235330cd1bef186b2a734de870a64ccdd71115
          • Instruction ID: 4b5828c7af8062cf4f7ad3c985b7ed256ba57528620171333c892c754c371963
          • Opcode Fuzzy Hash: 74ddd8ba1e691907978a24b41b235330cd1bef186b2a734de870a64ccdd71115
          • Instruction Fuzzy Hash: 3951F67090420ADFDB25DB68CC04BA9FBB5FF55314F1882A9E519E72D5E734AA81CF80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0BCD Relevance: .1, Instructions: 130COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 28295df2be27e5e9ca22d9d01a8a9fcde4c2173f7eaa3f9deac6eb6541503449
          • Instruction ID: 124138e5526a0a195480b4e739f62b8211882b597863378d07d278309715bc89
          • Opcode Fuzzy Hash: 28295df2be27e5e9ca22d9d01a8a9fcde4c2173f7eaa3f9deac6eb6541503449
          • Instruction Fuzzy Hash: 5F418F76A002289FDB22DF6CC944BEAB7B8EF49740F0500A5E948EB241D774DE80CB95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0D59 Relevance: .1, Instructions: 130COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e4d8e872cc9a87a069a6273582307fbac10f627282374f9cbaaa93bd38ac6f5
          • Instruction ID: 00beb399b61b08ae1c50d8500527d82ecd5c918b94732b0804193e8a08607f0f
          • Opcode Fuzzy Hash: 6e4d8e872cc9a87a069a6273582307fbac10f627282374f9cbaaa93bd38ac6f5
          • Instruction Fuzzy Hash: 2F41B471A003189FEB22EF29CC84B6AF7B9AB59704F00049AF945D7285D7B0EE80CB51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189866E Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction ID: 0230b561a6d43e9e66793b5bb3c1cbc3bd886324213def591f817a44ed2e5818
          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction Fuzzy Hash: BB417375B0010AABDF15DF99CC84AAFBBBAAF8A710F184069E505E7341DA70DF0187A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189F0E0 Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c7c1e650e7dcbe8f4b53bb4917a8988e2c102fa33db4d662669cae05c1ccbdf1
          • Instruction ID: 3dfa9e321c6ddae097dd98f0e2a0e9000b9c522d0fbd1b583584aaf69c025131
          • Opcode Fuzzy Hash: c7c1e650e7dcbe8f4b53bb4917a8988e2c102fa33db4d662669cae05c1ccbdf1
          • Instruction Fuzzy Hash: 1941C2712083418FD748CF29D8A597ABFE1EBC4725F44855EF995CB282CB34D909CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0021F7C9 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 402b1252615dfd4f677cc03a67a6082665c01e9e0c0718a55e5479adfa4dfcfe
          • Instruction ID: b86c182ad9bc85633fb7b95d7e747d3d2849080085ff830c03d6efdf7a488aaf
          • Opcode Fuzzy Hash: 402b1252615dfd4f677cc03a67a6082665c01e9e0c0718a55e5479adfa4dfcfe
          • Instruction Fuzzy Hash: 4D41C551A587F14ED30E876D48B9A75BFC18E9720174EC2FEDADA5F2E3C0988418D3A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0887 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 715b263353362c09434b1a3daa6f105d918867f9cf0db36b9fa4e6a6a21de0d5
          • Instruction ID: 18291b311fd79ab2effda63628eb385395ca7fe9ba3e87af8fe6e58702a3b89c
          • Opcode Fuzzy Hash: 715b263353362c09434b1a3daa6f105d918867f9cf0db36b9fa4e6a6a21de0d5
          • Instruction Fuzzy Hash: F641A0B160070A9FE325CF28C584A26F7F9FF49314F145A6DE546C7A51E730E945CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187D5B0 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fe8f24941ef8159da40c914d42ffc565dd81c58ed8a3f5da0bd147c74d0f13bd
          • Instruction ID: 08fca6799d2f504e2841da6d48387d71337577637c5984a82dcfd3d8d050da74
          • Opcode Fuzzy Hash: fe8f24941ef8159da40c914d42ffc565dd81c58ed8a3f5da0bd147c74d0f13bd
          • Instruction Fuzzy Hash: D4412030A082959FCB15CFA8C485ABAFBF1EF49304F098589E5C5CB246C735E556DBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FA470 Relevance: .1, Instructions: 127COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d6e5d3ee7530b8e098c21ff75186d1263dd3635d3a91078758f530a36028abda
          • Instruction ID: 0ab8f200ea36def2a57eb020d6484bff0c8539509b8642b8b5f9f24bce0a2ced
          • Opcode Fuzzy Hash: d6e5d3ee7530b8e098c21ff75186d1263dd3635d3a91078758f530a36028abda
          • Instruction Fuzzy Hash: 4841AE3295020ACFDB21DF6CD4987AEBBB4FB58354F2401A9D615BB395DB349A40CFA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D8BF0 Relevance: .1, Instructions: 124COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8fced125d4eb4f81e7bfce6f2c5757a6d46aa6537f289d786fe6867f77f8a938
          • Instruction ID: 32404d7dd5cd7132a87a650edb2d6d87096938281c39045a48d028a07f2955be
          • Opcode Fuzzy Hash: 8fced125d4eb4f81e7bfce6f2c5757a6d46aa6537f289d786fe6867f77f8a938
          • Instruction Fuzzy Hash: 7541543291020ACFD724CF48D894A6AFBB2FF98704F18816ED9019B259C334DA82CFD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017C8918 Relevance: .1, Instructions: 123COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b52ec8812f778f4a55499f33494ae75c53633c04b3507de2563d981a97bfc6c5
          • Instruction ID: 780e3661cdffe78d47d6f64f130a5c4395f31612107a58384f9ea11c7ba0abf2
          • Opcode Fuzzy Hash: b52ec8812f778f4a55499f33494ae75c53633c04b3507de2563d981a97bfc6c5
          • Instruction Fuzzy Hash: 9F415C315083169FD312DF69C840AABF7E9AF88B54F40092EFA95D7250E730DE448BA3
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CA020 Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction ID: 4b9b135ff496ef50fea1eb7cb726c2d661ff39a87e9c69f472a8c4e9f5e47b1d
          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction Fuzzy Hash: 61416E31A00229DBDB12DE1C8444FBAF771EB54B96F15806EEA40DB245F6338EC0C791
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D09AD Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3e1bb10ab95d9d5bed8f0491287b51504f1939daaf52fd8ade99b4759f2aa88d
          • Instruction ID: c29d03ab8d90ed6f1e10d339a80518e5f2126c17d51c6dfc02a9f8568bbf460e
          • Opcode Fuzzy Hash: 3e1bb10ab95d9d5bed8f0491287b51504f1939daaf52fd8ade99b4759f2aa88d
          • Instruction Fuzzy Hash: CD415671640605EFD721CF18C844B26FBF8FF98314F248A6AE449CB251E771EA428B91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01800710 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction ID: 0937436cfc0e6783b1abbcd0683f8fa2c278be13319ca83d7204888cd646db9d
          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction Fuzzy Hash: C6412871A00609EFDB65CF98C980BAABBF8FF18744B10496DE556DB291D330AB44CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D262C Relevance: .1, Instructions: 119COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5344392f6bcf288badd5cc320ed97e83541123cc0cbfdd2518b9950d4062720b
          • Instruction ID: 654e559aa4c92572cfeb0cdc657a4b3626111f42647f73baaf65b8a879d4ed7d
          • Opcode Fuzzy Hash: 5344392f6bcf288badd5cc320ed97e83541123cc0cbfdd2518b9950d4062720b
          • Instruction Fuzzy Hash: 9C41B0B1501709CFC722EF28C944A65F7F1FF58724F2581ADC6069B6A6EB309A42CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180C8F9 Relevance: .1, Instructions: 116COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a8be61d35857e06249678379812f31e096ca2baae1c19b5338b8f9f3c6cf3936
          • Instruction ID: 3274da8a36b66df426507c325a89288fcaa0e53705f7b576ab74f75d2ec22d06
          • Opcode Fuzzy Hash: a8be61d35857e06249678379812f31e096ca2baae1c19b5338b8f9f3c6cf3936
          • Instruction Fuzzy Hash: B0315AB1A00249DFDB52CF98C440B99BBF4FF09714F2085AED119EB291D7769A42CF90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018507C3 Relevance: .1, Instructions: 114COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 537fd514e2a16d59b3dd4dc427cc7bd2ae54828eb39dbc52090d4afcdce3a76f
          • Instruction ID: a7e87544ed449cbad90ec0e5c2959960eaee0eccada92462bf664810464cfa19
          • Opcode Fuzzy Hash: 537fd514e2a16d59b3dd4dc427cc7bd2ae54828eb39dbc52090d4afcdce3a76f
          • Instruction Fuzzy Hash: 744149B25043059FD760DF29C845B9BBBE8FF88764F104A2EF998D7251E7709A04CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189EEDB Relevance: .1, Instructions: 113COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c7fc58175d45f7f068bcc96e38df3795700c94e3a14b3540fdc4002be2508ba3
          • Instruction ID: dde12d7766e7c774799ce9263df002cba9f1d9b0725e9a91abc8060de47eece1
          • Opcode Fuzzy Hash: c7fc58175d45f7f068bcc96e38df3795700c94e3a14b3540fdc4002be2508ba3
          • Instruction Fuzzy Hash: 1C419633A0402A8BCF18CF68D491979B7F5FF88304B5A41BDD906EB295DB74AE45CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018505A7 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d687a5ee104db9e8bbe96f98415c2ccf4bc4a7e16d0951eb757593abf7ec47a1
          • Instruction ID: 12b9dc66be32de641b5a6038bded93c8ab26b01279153cbf06e77a614738db28
          • Opcode Fuzzy Hash: d687a5ee104db9e8bbe96f98415c2ccf4bc4a7e16d0951eb757593abf7ec47a1
          • Instruction Fuzzy Hash: E741B1726087469FD320DF6CC840A6AB7E9FFC8700F144A29F995D7690E730EA14C7A6
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D4859 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 168cdc483016c80a790195a16b145b81e9018e58be7ddb3e13b29ad2d2bcb6ae
          • Instruction ID: 891b9b5879f2eb4c77fd799de0dc6e85b6aafab5bf1f4009c7b1f8ded1d91da2
          • Opcode Fuzzy Hash: 168cdc483016c80a790195a16b145b81e9018e58be7ddb3e13b29ad2d2bcb6ae
          • Instruction Fuzzy Hash: 0241C03060030A8FD725DF29D888B2AFBF9EF80354F14446DE6968B6A5DB70D951CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189FB76 Relevance: .1, Instructions: 109COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c7d5f81710b0a8f0717969ef9e5f023e672a3f7ed317b662591c915afb861cef
          • Instruction ID: bc4c64c606a2ea7b445922296d59e786196ea17bca0e550ccf51e17019624fb8
          • Opcode Fuzzy Hash: c7d5f81710b0a8f0717969ef9e5f023e672a3f7ed317b662591c915afb861cef
          • Instruction Fuzzy Hash: 3831B471610115AFEB188F69CC54A9BBFE5FF8C354F198524FA08CB241D674EA41C790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0021F7D3 Relevance: .1, Instructions: 108COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction ID: 7c49c374ca733c7edbe8e96adb8743f7c6b6ad5049a30baaffb3f7a77710c565
          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction Fuzzy Hash: 7D3193116586F14DD31E436D08BD675AEC18E9720174EC2FEDADA5F2F3C0888418D3A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E02E1 Relevance: .1, Instructions: 106COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction ID: a06f0333d7c988500416755d6fd45c50931028a67f0e514cabbb98d027b52309
          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction Fuzzy Hash: 76311831A04244AFDB229B68CC48B9BFFE9EF58350F0841A9F455DB356C6B49944CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187E3DB Relevance: .1, Instructions: 105COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: df43f7af7165fc88d7193d08b1307d9de8aab43f0c354b2c81fc1e46be95f156
          • Instruction ID: 8494422cdfc78f79ecf957ba63ffdd56dfebd0d6f216f222524e0d830d905c5b
          • Opcode Fuzzy Hash: df43f7af7165fc88d7193d08b1307d9de8aab43f0c354b2c81fc1e46be95f156
          • Instruction Fuzzy Hash: 9831B93574070AABD7229F698C85F6B76E8AF58B54F000068F600EB3D5DAA4DD00C7A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01884B4B Relevance: .1, Instructions: 104COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bf7ee2f3b045522e9be59792375c6aad9554e14036e2c6f4129f807ef7984d38
          • Instruction ID: 86c64ba7348ad3a6b0bffa44d8fdcd59aa7e2456ce9d91986d309e840ccc02dd
          • Opcode Fuzzy Hash: bf7ee2f3b045522e9be59792375c6aad9554e14036e2c6f4129f807ef7984d38
          • Instruction Fuzzy Hash: BB319C322052028FC331EF19D984B26B7EAFF84360F1A446EE995CB755E731AA00CF91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D4260 Relevance: .1, Instructions: 102COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 94a25e3a1f35f986992365916f2e1ebdeef1efeda6561ed51801ae3b7058e0e8
          • Instruction ID: 976f87636102cef1e7aca46d3be8da44fab11dff1b10d92922ca7dd0cdc638bc
          • Opcode Fuzzy Hash: 94a25e3a1f35f986992365916f2e1ebdeef1efeda6561ed51801ae3b7058e0e8
          • Instruction Fuzzy Hash: D541AD71200B49DFD722CF28C885BA6BBE9BF89714F154429F69ACB651DB70E900CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01884BB0 Relevance: .1, Instructions: 101COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a1a864c6f8fa6c31f46ee72e00180f68383d821bed5aba480d06a6d7647c78ea
          • Instruction ID: 6111583876bb36205362105704b7f45a03c3fd370c1b2d4a0f4f1f017b05aa0f
          • Opcode Fuzzy Hash: a1a864c6f8fa6c31f46ee72e00180f68383d821bed5aba480d06a6d7647c78ea
          • Instruction Fuzzy Hash: 1C317E726043028FD320EF28C880B2AB7EAFB84710F19456DEA55DB755E730EE04CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184EB1D Relevance: .1, Instructions: 100COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc46084386b5fc5a544eeb2930a7569e956f24813ddb4c9a1a745f9c63be13a3
          • Instruction ID: 900454a7df90818cf412ac0a7a7f541e3d2308606188d7fe9e3739b6d95e8b80
          • Opcode Fuzzy Hash: fc46084386b5fc5a544eeb2930a7569e956f24813ddb4c9a1a745f9c63be13a3
          • Instruction Fuzzy Hash: 5831B43160168E9BF322976CCD48F15BBD8BB44748F1D04A0AE45EB6D2DF2CDA80C225
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018961C3 Relevance: .1, Instructions: 97COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ae366bab9dc086d7d26918a0bfe1e46b9a2af73adacf5ff3a41e0f2d2985578c
          • Instruction ID: 0a748489578459997a992cc46169b2cef9de6705997ffccbfb6ff45224945d58
          • Opcode Fuzzy Hash: ae366bab9dc086d7d26918a0bfe1e46b9a2af73adacf5ff3a41e0f2d2985578c
          • Instruction Fuzzy Hash: 2831E476A0011AEBDB15DFD8CC44BAEB7B9FB48740F5941A9E900EB244E770EE00CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187483A Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6a4a01d28314d3b6b8d8da14757b791afccd9019449b2473e64d1cd7a96b4968
          • Instruction ID: 3b751a85a5e43c1cb340db691a61765a37d73e2f6425cc4831558dbb9ffdbcf3
          • Opcode Fuzzy Hash: 6a4a01d28314d3b6b8d8da14757b791afccd9019449b2473e64d1cd7a96b4968
          • Instruction Fuzzy Hash: 31313576A4012DABCB21DF58DD48BDEBBF9AB98350F1500A5E508E7260DA30DF918F91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01896BD7 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 32094ec5619223cb41ed092e359a41d91b2ad0a6b6d8ff01af00b3c662bbca37
          • Instruction ID: 1315a65d136d2cd47c7ee9ea920042336cc83100b13519ff09328eb515da8e98
          • Opcode Fuzzy Hash: 32094ec5619223cb41ed092e359a41d91b2ad0a6b6d8ff01af00b3c662bbca37
          • Instruction Fuzzy Hash: 8E317A31A002049FCB24CF79D885A4B7BF4FF88344F958469F908DF24AE674EA45CBA4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FEB20 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2ef8863c0ef8c52ba25fe9b592257c8fc565586218889f590fa7595d3c1acb75
          • Instruction ID: 1b6ca5db284dd27e0c3bafeaf171ce4d6c4b4b19e1b220fba441759f280aa182
          • Opcode Fuzzy Hash: 2ef8863c0ef8c52ba25fe9b592257c8fc565586218889f590fa7595d3c1acb75
          • Instruction Fuzzy Hash: 7231B632D00219AFDB21DEA9CC44EAFF7F9EF44750F014469E616D7260D6709E008BE1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018960B8 Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 64cf35cc2556a2c7a1a88e0c48ea21e2f175c728627688114259bfdad48be1d0
          • Instruction ID: 0d8a90828b9daf603fc38a2b91b905f5f2c719cebf3acf9550643bb85071070f
          • Opcode Fuzzy Hash: 64cf35cc2556a2c7a1a88e0c48ea21e2f175c728627688114259bfdad48be1d0
          • Instruction Fuzzy Hash: 6B31CA71B40A06EFDF129F69C850B6EB7F9AF44754F24406DE505DB352EA70DE018B90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D07AF Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 756047849040e9b2fbd53f563cc595ce00bd0aeba5f232d35d4856205ad82ece
          • Instruction ID: 8345b9585cdd3e9daa8a5b5143402354030ecf7b795346a87ff6c83d5c53a231
          • Opcode Fuzzy Hash: 756047849040e9b2fbd53f563cc595ce00bd0aeba5f232d35d4856205ad82ece
          • Instruction Fuzzy Hash: 0A31F172A4471ADFC722DE688888A6BFBB5AFD4660F01452CFD59A7310DA30DC0187E1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D8550 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4a473adfa17d7d711339ddbdb3aecda02d96b87a76ff8f08d0d420150d9ed992
          • Instruction ID: 5460b38b000267bb3429facc5389004cefd3fbe7c55c6d11b6f2c8615d79d680
          • Opcode Fuzzy Hash: 4a473adfa17d7d711339ddbdb3aecda02d96b87a76ff8f08d0d420150d9ed992
          • Instruction Fuzzy Hash: 53319A716093018FE720CF19C940B2AFBE6FB88B00F58496DEA85DB351D770E948CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00213260 Relevance: .1, Instructions: 93COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7373e83532aaf7a9706c757459d55ac85f560c8d851d96632f27ca74676a1183
          • Instruction ID: 9298d9b909817d2fae7f3fbe83d667617c068e58904f6425422e3cb67b9cd08f
          • Opcode Fuzzy Hash: 7373e83532aaf7a9706c757459d55ac85f560c8d851d96632f27ca74676a1183
          • Instruction Fuzzy Hash: 7731D7727146144FC71CCF59D494A66B793AB98320B0A82AED90A4F3A5C674DD00CBC0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180A6C7 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction ID: 06ef6703d1924d17c233f928ce64e6b30679938b965f3eda21dfa8a2565bf605
          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction Fuzzy Hash: F5312CB2B00705AFE765CF6DCD41B57BBF8AB09B50F14452DA59AC3690E630EA008B60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187EBD0 Relevance: .1, Instructions: 91COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: de39398c13049d4af0228de7a0eaccc4ce6453cf99ab277d7c22c20cefc52048
          • Instruction ID: ad6df9ee95232f620451f6946164f8371f2e433ec2ec1497bf45ff60d64ea5d2
          • Opcode Fuzzy Hash: de39398c13049d4af0228de7a0eaccc4ce6453cf99ab277d7c22c20cefc52048
          • Instruction Fuzzy Hash: BC31A7B55053018FC721DF19C58485ABBF9FB89714F0489AEE4889B316E331DA45CB82
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F438F Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 172cfb8471b6799d88d10c04153deb25cc9fd3f07eb2db1e99fd6db65bda69fd
          • Instruction ID: a2be8ad66bf3258c7f0cc6cd447fe8170a480faf89a2f0c68ccc17ac336bad7d
          • Opcode Fuzzy Hash: 172cfb8471b6799d88d10c04153deb25cc9fd3f07eb2db1e99fd6db65bda69fd
          • Instruction Fuzzy Hash: 6331AF72A002059FD720EFA8C984A6BFBF9AB84304F148529D646E7755E730DA45DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CCB7E Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction ID: 7c0b0d99d5ae0bd66933dd93485d0edbd22f68fb5353ef55a5d7f2c3a3937944
          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction Fuzzy Hash: A5210936E4025AAAD712DFB9C844BAFFBB5AF14740F058479DE55E7340E270CA408790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CC156 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ec443daefd51438d9c89c2f42cb7d9c0d50ca3c4deb4892cafe886aa3ce072b3
          • Instruction ID: 0d40c36229aaeea47d1b8f83060a6f1478217bfaf229c686f112d665b03c0e25
          • Opcode Fuzzy Hash: ec443daefd51438d9c89c2f42cb7d9c0d50ca3c4deb4892cafe886aa3ce072b3
          • Instruction Fuzzy Hash: 57312C725002118FD732AF68CC44B79BBB4AF54314F5482A9DD45DB346EA74DAC6CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188C3CD Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction ID: d9468c06c676bf662c22468d459d9300759474d050c9c640f6b99af0206f4f46
          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction Fuzzy Hash: D8214B36600652A6CB25BBDD8C40AFABFB5EF40710F00801AFAA5C7695E734DB80C3B1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CE420 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d35fc3a01e74d3c914d883eac0637bf279795bea94cc79a686168858efb42f1d
          • Instruction ID: 7eba61fcd820916607af931052228e921781a8cbf29965625f2069c2005b0fb0
          • Opcode Fuzzy Hash: d35fc3a01e74d3c914d883eac0637bf279795bea94cc79a686168858efb42f1d
          • Instruction Fuzzy Hash: 8F31D432A0152C9BDB31DB18DC41FEEFBB9AB15B40F0100E9F645A7290DA749F808F90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01804588 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction ID: 9fedcdcb6a37e67c6f5e35164e6a4ce0cc59636d2847bdda1682d16fe09d4e9a
          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction Fuzzy Hash: FD219631A40609EBDB51CF98CD80A8EBBF5FF48314F108165EE25DF281E671DB058B50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018044B0 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3dba93dc3897d9bbc80497d66ad017a2cd8384d3e1bfe7a04aeaf5f82d2e88b2
          • Instruction ID: 85b715ec7b5a6a93313d474525af6041c6892eb88d3c5ee8bd9dfe29a2478026
          • Opcode Fuzzy Hash: 3dba93dc3897d9bbc80497d66ad017a2cd8384d3e1bfe7a04aeaf5f82d2e88b2
          • Instruction Fuzzy Hash: 0D21B1726447499BC722DF18D840B6BB7E4FF88760F014619FE589B685D731EA00CBA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018A03E6 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 11aa6f28b96468a36d9db6abae21dc93c79adab994d86570c0351c2188aab3c9
          • Instruction ID: 72e09ff0ab53a5964ad7d5d93e1b6c4c1dea3431a87c963986c908fbc3ac2fc8
          • Opcode Fuzzy Hash: 11aa6f28b96468a36d9db6abae21dc93c79adab994d86570c0351c2188aab3c9
          • Instruction Fuzzy Hash: FC317371B01519AFDB14CFA8C898A9FBBB9FF88358F414169F905E7201DB346E04CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CE388 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction ID: 2dfc5e871b5affec0a2f887f41aa01b800cc91eb8a2d819cb34044294af91709
          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction Fuzzy Hash: 39316931600645EFD721DBA8C884F6ABBF9EF85754F1045A9E952CB290EB30EE42CB51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184E609 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6a72f38f03e6046142edab300f443855e8246a1daf2ce3880124688f41267689
          • Instruction ID: 616fdd3f9856910eb329d6c6e307c4afab0c464dd5332f97aad816a00b6c9a46
          • Opcode Fuzzy Hash: 6a72f38f03e6046142edab300f443855e8246a1daf2ce3880124688f41267689
          • Instruction Fuzzy Hash: FC313A75A00209DFCB14CF1CC8849AEB7B6FF88314F25446AE809DB395EB75EA50CB95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018A0591 Relevance: .1, Instructions: 84COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 32668d2011d16561420bdf797d9fc03a8e99ec46eb20b943d2ce311d330015d6
          • Instruction ID: 78ef899a1bbe97754f3667ceca192776857914dc736f01f9fb6493a856c36ada
          • Opcode Fuzzy Hash: 32668d2011d16561420bdf797d9fc03a8e99ec46eb20b943d2ce311d330015d6
          • Instruction Fuzzy Hash: 8821D3326102098FF728CE2DD880AB6B7A2EFD4314FA58438FA45DB286D774FA55C750
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D8D59 Relevance: .1, Instructions: 83COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
          • Instruction ID: 24123929e66cd1787693d3e32f0f5974a86d6f21ffa732d9b1b87a0dfba7e708
          • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
          • Instruction Fuzzy Hash: 5F214831600689ABE726D72CC888B35BBF6EF84750F0D00E0DE42C76D2E364DE80C291
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018506F1 Relevance: .1, Instructions: 79COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eb4134a49fc824c6159ec2cebea2654e394ad9bc690539c52212e49655d38680
          • Instruction ID: cf2438377eda1b31e1152360c77f91affdbf062d9bdfe43d74683fe247f64026
          • Opcode Fuzzy Hash: eb4134a49fc824c6159ec2cebea2654e394ad9bc690539c52212e49655d38680
          • Instruction Fuzzy Hash: 19219F71A006299BCF20DF59C881ABEB7F8FF48744B504069F941EB254E739AE41CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185019F Relevance: .1, Instructions: 78COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 852c16f8eecc068c396c11d9c06dabbeb5d66d66375620426788917dddced9b8
          • Instruction ID: 9d918f11b37db682d286dc1f75ea0aa70774806f7a75334e0659cb3091ccb912
          • Opcode Fuzzy Hash: 852c16f8eecc068c396c11d9c06dabbeb5d66d66375620426788917dddced9b8
          • Instruction Fuzzy Hash: 61219A72600649AFD716DB6CC844F6AB7E8FF58780F1400A9F944DB6A1D634EE40CBA8
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01850283 Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c691af68bedbae7cf9730766d0ff1547c8c8c03176870f7653a31dbc28bdbc31
          • Instruction ID: 8bb4f02ca65eab606494587fc27b4e708d8596e7742f2f94e9e73c5e7915a6a4
          • Opcode Fuzzy Hash: c691af68bedbae7cf9730766d0ff1547c8c8c03176870f7653a31dbc28bdbc31
          • Instruction Fuzzy Hash: 2D21B3725043469BD721DF69D948F9BFBECEF94344F080456BD80C7262D734DA44C6A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F2835 Relevance: .1, Instructions: 73COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 834ff62e7be54510d49d2d873947ba6ce0cc424b40048eb807a4bea4c7c02bcf
          • Instruction ID: 373b8d2c76aad4df4e95b6ecf7a225aa277df7a1ff992b040f10115367d097b3
          • Opcode Fuzzy Hash: 834ff62e7be54510d49d2d873947ba6ce0cc424b40048eb807a4bea4c7c02bcf
          • Instruction Fuzzy Hash: 2121D7316456859BE326A76CCD0CB25BBD4AB45B74F1803A8FA60DB7E2DB68C9418241
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018A01AA Relevance: .1, Instructions: 71COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2574d35f7cef79b43633e73187364c79875eb0de049c5a46eae53ba07698d41b
          • Instruction ID: 9beb92fcd2988d00a21d3862a7d43f2e0d295acc2900b09176f80ca36d889017
          • Opcode Fuzzy Hash: 2574d35f7cef79b43633e73187364c79875eb0de049c5a46eae53ba07698d41b
          • Instruction Fuzzy Hash: 2E2106712042504FD785CF1A88F48B6BFE5EFC6226B8981E6E884CB743C528D80BC7A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180A30B Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4421fdd38ee6a3dca8a27cc9883e8cbfee54763071a42cb742837ecf97982bd2
          • Instruction ID: 9c24586c7ecff922126ef1e00df2b566c3ae9c9c97e4a1c41c19c6adc4299899
          • Opcode Fuzzy Hash: 4421fdd38ee6a3dca8a27cc9883e8cbfee54763071a42cb742837ecf97982bd2
          • Instruction Fuzzy Hash: B821A979210B059FC729DF29CC00B56B7F5FF08B08F248468A509CBBA1E731EA42CB94
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188A49A Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 31e4d55e68b7472ec3b4cc507fd99d918259678c9df22591c4c66de94265820c
          • Instruction ID: 5a251ee21ff88abd2690968b1b5d369d2bd50d109104ca88b710bbc2aca8fab2
          • Opcode Fuzzy Hash: 31e4d55e68b7472ec3b4cc507fd99d918259678c9df22591c4c66de94265820c
          • Instruction Fuzzy Hash: E9115C76340B167FD72666999C44F27B6D9DBD5B30F210029B708CB2C0EB70DD0087A6
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01850946 Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7c182bbe0bee99f60f0a6b001d52e37742e782c517890df938bdfb23f94b92c6
          • Instruction ID: 612260c1d7b310906ecb4c043e4fe2474bace7497eeed8cafff252555274f75b
          • Opcode Fuzzy Hash: 7c182bbe0bee99f60f0a6b001d52e37742e782c517890df938bdfb23f94b92c6
          • Instruction Fuzzy Hash: E221C5B1E00249ABCB20DFAAD9859AEFBF8FF98700B10012EE905E7354D7749A41CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018680A8 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction ID: cc3d6898f2677fe04cc2246313045655a9b932b5419b99bd9809af0bc429ceb9
          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction Fuzzy Hash: EF218C72A00209EFDF129F98CC44BAEBBF9EF89310F204859F915E7251D734DA509B50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189EE26 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ec7b07725df0149f4b297d3c22c0c893d60ca6fbf0e60cc2358815a381c7fdf6
          • Instruction ID: 82f7852972282b6af5bf4652866c09359a8b0de01917a4eda54d09ab67a54c3e
          • Opcode Fuzzy Hash: ec7b07725df0149f4b297d3c22c0c893d60ca6fbf0e60cc2358815a381c7fdf6
          • Instruction Fuzzy Hash: 4921E133A108119F9B29CF3CC81046AF7F6EFCC31472A423AD912DB2A5D770BA118B84
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01800124 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction ID: 4be04d102d1e26d0f803252f11b014812c448335c7b392feadf28d504b1abdcf
          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction Fuzzy Hash: 3911B273601A09AFD7239B58CC45F9ABBB9EB84794F104029F604DF1D0D671EE44CB55
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D8770 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6f626c79c38065a95740176510e4891d6434d3c407508a38cb31dcd040782304
          • Instruction ID: 0c94b9bd7301a90da649b9f605161f6dfb8b21ae7f8291f44c4e91a0741f0b7d
          • Opcode Fuzzy Hash: 6f626c79c38065a95740176510e4891d6434d3c407508a38cb31dcd040782304
          • Instruction Fuzzy Hash: 5B11B2317006199BDB12CF8EC5C0A56FBF9EF8A720B19406EEE08DF304D6B2D9018791
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180AAEE Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
          • Instruction ID: 5be6ca1c64e00a806b1439128b80a8898edc422cf309fbe905eb66f497a7042d
          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
          • Instruction Fuzzy Hash: 2F219A72600B09DBD76A8F59C954A26FBE6EB94B10F10896DE546CB650C631EE00CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D80E9 Relevance: .1, Instructions: 66COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 423266678851313ed827cf2cbf03e4e7e73e7f8560a8bc2a0a0fc0032f447e9e
          • Instruction ID: 739edebe0ce4a636528cb68ba59edddc3defc28f8fb2c9bf814a3cee67ca6432
          • Opcode Fuzzy Hash: 423266678851313ed827cf2cbf03e4e7e73e7f8560a8bc2a0a0fc0032f447e9e
          • Instruction Fuzzy Hash: 54215E75A00209DFCB14CF68C581A6EFBF6FB88318F2441ADD105AB351D772AD0ACB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180674D Relevance: .1, Instructions: 65COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f18fd598d56252fc67d09ee6fb5da67f248a75717f8db97f2520939c5bf4922
          • Instruction ID: ecd4afd26bdc158e03ee4c8b3b842853f266aa3224ed477483f014f4bfbda6ef
          • Opcode Fuzzy Hash: 2f18fd598d56252fc67d09ee6fb5da67f248a75717f8db97f2520939c5bf4922
          • Instruction Fuzzy Hash: 99219075500A04EFD7618F68CC41F66B7F8FF84754F10892DE59AC7290EA30AA60CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FE8C0 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 96a8d1ddeba09514a3d9ecb21740c586ace7c2120341e73ed1b33b966695a170
          • Instruction ID: 368b2d2922be565767526f874c4d9c7d4bf2e051d1a90bd313a83054a897c857
          • Opcode Fuzzy Hash: 96a8d1ddeba09514a3d9ecb21740c586ace7c2120341e73ed1b33b966695a170
          • Instruction Fuzzy Hash: 861125327001149BCB1ACB28CC84A6BB296EFD5770B39493CEB22CB390ED30C912C291
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01866870 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b8e16344b070f1b2e3d29bbdcd1f67237974e8437dc68ca352c41d41adf15451
          • Instruction ID: cf1f9cd95f7e81d883e4e8b6854b4224ca2c4009609e173de189a8a4899ee57c
          • Opcode Fuzzy Hash: b8e16344b070f1b2e3d29bbdcd1f67237974e8437dc68ca352c41d41adf15451
          • Instruction Fuzzy Hash: B2119472240558EFC722DB6DC944F9AB7ACEF99754F214029F605DB261EA70EA01CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018066B0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9922d4246696254b42e29ec17f9f5a87dfee990f3562fe7ad498e58b0323e0d5
          • Instruction ID: d014ddbf0dcbc3b06c31f164efeded25d4612fe35dc79b8a1fc6b672e98b7dcd
          • Opcode Fuzzy Hash: 9922d4246696254b42e29ec17f9f5a87dfee990f3562fe7ad498e58b0323e0d5
          • Instruction Fuzzy Hash: F311C176A0120ADFCB66CF59C984A5ABBF8AF88710B218279D905DB355F670DE10CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0189A8E4 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction ID: c0c91b8c2f706935af9379237b9482e699097a7e5275077c3391f1fb504d4e0f
          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction Fuzzy Hash: CA11B236A00919AFDF19CB58C805A9DBBF5FF84314F098269EC55E7380E675AE51CB80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0AD0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
          • Instruction ID: 7eedff193bd16933748bf5204730b6a1d49b5c88c11c3d51b5d804a52ff76d39
          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
          • Instruction Fuzzy Hash: D22106B5A00B099FD3A0CF29C440B52BBF4FB48B10F10492EE98ACBB40E371E814CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185E7E1 Relevance: .1, Instructions: 59COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction ID: 4f9ae41b85da67565a99b579b5d3246f25d6bb07613d37294315943b2b624c94
          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction Fuzzy Hash: FC119E32600609EFE7619F48CC44B56FBE6EB55755F098429EE09DB260DB31DF40DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F27ED Relevance: .1, Instructions: 58COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d20954f9f3c651ed1106da8490da46690503b0ec4a0fdb7da9ae1fb1ecbed280
          • Instruction ID: dd7b053a1816860ae2c53e9a002a5d7729497fef3646b71c3c5da4230c87b9c1
          • Opcode Fuzzy Hash: d20954f9f3c651ed1106da8490da46690503b0ec4a0fdb7da9ae1fb1ecbed280
          • Instruction Fuzzy Hash: 63012B313456496FE316926DDC9CF27BBDCEF80354F0900A8FA40CB391DA14DD00C2A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D4690 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d0ea9ef2dfe6f2ac789b498f1c52e2859f2134b317bc793b03611c9597b4789c
          • Instruction ID: 354021c7e87b421eb2bc1541d3ad6f9e38e26a81e159496519ae08d830375115
          • Opcode Fuzzy Hash: d0ea9ef2dfe6f2ac789b498f1c52e2859f2134b317bc793b03611c9597b4789c
          • Instruction Fuzzy Hash: A311C276240649AFEB25CF59D944F56BBB8EB85B74F064119F9069BA50C370E800CF60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01806620 Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4648f2a3110240c68ccc894d8e729d363c01ec2b91d9d692315b82589cd919b5
          • Instruction ID: f7f5a61e06285da1895b00a0b6e28813ab847b22192c11b42c885475ad51871e
          • Opcode Fuzzy Hash: 4648f2a3110240c68ccc894d8e729d363c01ec2b91d9d692315b82589cd919b5
          • Instruction Fuzzy Hash: 6A11C272A00719EBDB62DF59CD80B5EFBB8EF48750F640459DA11E7284E730EE118B60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FEA2E Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f297f68c8ed6e2d7e3a0c9d20a9b0ce861a9b86e7f1d3dbcce9aac139d24ba81
          • Instruction ID: 54fad031dde3548348d94b4e23d77d2d49847e7e2050847477fd3bd785a29ccb
          • Opcode Fuzzy Hash: f297f68c8ed6e2d7e3a0c9d20a9b0ce861a9b86e7f1d3dbcce9aac139d24ba81
          • Instruction Fuzzy Hash: E2016D716002099FCB259B19E448E26FBF9FB95714F25817EE2058B664CA70AE46CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FE53E Relevance: .1, Instructions: 55COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction ID: 1f93b26b2124e1a8471085a6501269e8559a6307c17faeb0d0d82e9512a24ce1
          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction Fuzzy Hash: AB11C6716016C69BE722971C894CB25B7D4BB80748F1E00E4DF41C7792F728CA42C2D2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185E75D Relevance: .1, Instructions: 54COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction ID: 4409b90c826066db06505625c8c157c7dffbada0bf2627b784e8ab079e7d2ef4
          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction Fuzzy Hash: 0501D232600509AFE7619F58CD44F5AFFA9EB45754F058064EE09DB260E771DF40C790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CA250 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction ID: 2204271e06aa5975f076622b2025510af543573a6540b2b1127e9dff5ac66e08
          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction Fuzzy Hash: B40126324087399BDB318F19D840A32BBF6EF99B66700852DFC958B281E331D400CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184E1D0 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d013f92a8b8eea062c5cbb522f5da640f74e48b5462d4074e2106d4e7791fcf3
          • Instruction ID: 599fbde54f468bb42f72a56b3e17c6bdc8971b1ac0eddb6bb01320426cec69be
          • Opcode Fuzzy Hash: d013f92a8b8eea062c5cbb522f5da640f74e48b5462d4074e2106d4e7791fcf3
          • Instruction Fuzzy Hash: 7A11A132241645EFDB15EF19CD94F16BBB8FF54B44F2400A5F905DB661C635EE01CA90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D6259 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 36c4631cfc62dfd94943412c0e203b535fa1ad7e7a14bd154bb70b51680d2838
          • Instruction ID: 12a7958d83a43c03d4eb88af87d32ad94c48679788b5ebe17c28ec00c0762f59
          • Opcode Fuzzy Hash: 36c4631cfc62dfd94943412c0e203b535fa1ad7e7a14bd154bb70b51680d2838
          • Instruction Fuzzy Hash: 90115E7154121DABDB25EB68CD41FE9B2B9BF04710F6041D4A315E61E0D770AE81CF85
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01806DA0 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
          • Instruction ID: 44c62c2e292b1bf0a47f8107e489e10d48512afc0a4506a61c507e58e54c3b94
          • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
          • Instruction Fuzzy Hash: 8801F5716042196BEB669B59DC08B9FBFA4DB44B50F344019AA069B2C0F674DEA0C3E0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01856050 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 50f48ab0b98522c0b0fc1a045b46b20b0f6eef2a87f72b36d25005e9b5f4657a
          • Instruction ID: 74ba7c56fda24807191e2b82342a5b9d1e1381cc4feabf42b4018bb6d468ca23
          • Opcode Fuzzy Hash: 50f48ab0b98522c0b0fc1a045b46b20b0f6eef2a87f72b36d25005e9b5f4657a
          • Instruction Fuzzy Hash: 37111B7390011DABCB11DB94CC84DDFBBBCEF48358F044166A906E7211EA34AB55CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D208A Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction ID: dff865ee1a2afbf71926f1b3063e9621f121d1e430a3128bdc7a0a6af0d9589e
          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction Fuzzy Hash: 760128322001148BEF128A2DD884B52F777BFC4700F5941A5EE01CF247DA71CC82C7A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01866500 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 359f82f5f74f8154436bf6428205d3513dbd442480bdfd736b3542c78883bc81
          • Instruction ID: 47bd915d1e046692dd87687f1eb18d2f80858cc5e0b83650c5a3cd9559d6a510
          • Opcode Fuzzy Hash: 359f82f5f74f8154436bf6428205d3513dbd442480bdfd736b3542c78883bc81
          • Instruction Fuzzy Hash: 3911CE326001869FC701CF18C800BA2BBB9BB9A314F188159F948CB315E732E980CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185C810 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: df28c985a982db915ab05540cbe6396436e9f3897db86a1e859e297379c607c6
          • Instruction ID: 8e25e6f5dcdc7e98f426a4ca8b2a7249bbe77d96e5767b2120d4a14fb9041ae3
          • Opcode Fuzzy Hash: df28c985a982db915ab05540cbe6396436e9f3897db86a1e859e297379c607c6
          • Instruction Fuzzy Hash: AF11E8B1A002099FCB04DFA9D545AAEBBF8FF58350F14406AA905E7355D674EA018BA4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187EA60 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6757461550b67a7c98595e7fa541ab79aa64567f9be5b7f38929f600085a752d
          • Instruction ID: 972251e0d868110d4d78716d0d1da6cdef1de3bc68af64360d54b356f68fb76a
          • Opcode Fuzzy Hash: 6757461550b67a7c98595e7fa541ab79aa64567f9be5b7f38929f600085a752d
          • Instruction Fuzzy Hash: AC01D4311402119FC732BB198548D76FBF9FF72760B1584AEE6459B251CB70DE41CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CC020 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction ID: d3f1ae481e8fd5db3cfad6703ae20c5cb16b3ba0236bf5b7d2408a1d112d73a5
          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction Fuzzy Hash: BE01D832100B459FEB23D6A9C904FA7BBE9FFC5714F05491DEA46CB540DAB0E582C750
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018120F0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 706979c66722abe3ea9e8e7314102bfea1fa782358767c13607cb8023b2e6900
          • Instruction ID: 1b6145b9dc7a5d3a6a850da7a86003e78c1a069c84cb2dfac4e8fd1a5b1448b4
          • Opcode Fuzzy Hash: 706979c66722abe3ea9e8e7314102bfea1fa782358767c13607cb8023b2e6900
          • Instruction Fuzzy Hash: 7C11AD76A0020DEFCB05DF68C840EAE7BBAEB44384F104059E902DB244DB35AE11CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180E5CF Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9ee8df0e25c617a3f270d45abf28fecda1cc343f28eac34985f2172ba8762adc
          • Instruction ID: 22587a1795d7d793aaa0192329d3ce714c70bea6b7982e5bf11b21a7108a97d2
          • Opcode Fuzzy Hash: 9ee8df0e25c617a3f270d45abf28fecda1cc343f28eac34985f2172ba8762adc
          • Instruction Fuzzy Hash: F301D471200605BBD211AB39CD88E53F7ECFF997547000569B205C3661DB64EC11C6A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018669C0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b2111fc656ccace8834888747e52bf23f4e6a5e2898a3b8706fdfb487b02e10f
          • Instruction ID: f774ed52247804e5df84112635e22fe39aa77dc61f861e26df903d5e2718e1a1
          • Opcode Fuzzy Hash: b2111fc656ccace8834888747e52bf23f4e6a5e2898a3b8706fdfb487b02e10f
          • Instruction Fuzzy Hash: 2101D8322146469BC320DF7DC849D6AFBECEF58765F214129E959C7180E7309A41C7D1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185C460 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6596ab5b7f04f42d409cf4052257eee58eb491910e8dfcb2c8c60805dc9f764e
          • Instruction ID: 01f7e2f53145c8d915ca09ff84ff7b3f864f57387d8aa99433b1864424f76fae
          • Opcode Fuzzy Hash: 6596ab5b7f04f42d409cf4052257eee58eb491910e8dfcb2c8c60805dc9f764e
          • Instruction Fuzzy Hash: 4E113975A0124DABDB15EF68C884EAEBBB9EB48344F004099AD01D7344DB35AA51CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185C97C Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bd64f91f3d99d23ee105904a8833053948f43f7c6bab67c18b0a6ad97405c643
          • Instruction ID: eabe7316bb5fffad6b8c724766ff612288dcff2ab17c5739798bfea1d6f539ad
          • Opcode Fuzzy Hash: bd64f91f3d99d23ee105904a8833053948f43f7c6bab67c18b0a6ad97405c643
          • Instruction Fuzzy Hash: 401139B26183099FC700DF69D44695BBBF8EF98750F00455AB998D7395E630EA10CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018A4A80 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction ID: 0181064daa3f3f6c757671e490728b7b2e09f8d8527e2d46cefc975ecbfb90d0
          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction Fuzzy Hash: BE01D8322006059FEB25DA5DD854F57BBEAFBC5310F484419E642CB650DAF1F940C754
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185CA11 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 528cbace33a21e6bf82045c52fb71dad1d839b30163a9b1fc66f67e02631c3bd
          • Instruction ID: 11bac4c45f228225b9e8741ce7f881caa42462154c1842fbe31831fce08c0cfc
          • Opcode Fuzzy Hash: 528cbace33a21e6bf82045c52fb71dad1d839b30163a9b1fc66f67e02631c3bd
          • Instruction Fuzzy Hash: CB1179B26083089FC300DF6DC44194BBBE8FF99350F00851AB998D73A4E630EA00CB92
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017EE016 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction ID: 3a163bd6844a73a33556c014afb3ac92a197a573b0c82aa048c083663fddc15d
          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction Fuzzy Hash: B9018F326005949FE323871DCA4CF26BBD8EF48758F1908A1F905CB691DA38DE80C621
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017C826B Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 05b18d3486593bd0b663fe1b63c295cc28957375b28d78b00183ed1debbab8d8
          • Instruction ID: baf42ce58501f654f526463a38ce1fc4e192f861992293ba7d14427a3ab26bf9
          • Opcode Fuzzy Hash: 05b18d3486593bd0b663fe1b63c295cc28957375b28d78b00183ed1debbab8d8
          • Instruction Fuzzy Hash: C70184316045059FD714DB69DD18AAAF7AAEF84B20B15806DDE01EB645DE30DA02C692
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187EB50 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: cb876a096999d69adad3367940d76b689922d5956c28944b099b8f157457650c
          • Instruction ID: a989565bb55996fa61c49951d55d5feb686ea3530e7e8b171c0710edd41e77be
          • Opcode Fuzzy Hash: cb876a096999d69adad3367940d76b689922d5956c28944b099b8f157457650c
          • Instruction Fuzzy Hash: 2001F271240705AFD3315B19D844F12BEE8EF59F50F11882EB706DF3A4D6B0DA418B54
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D2582 Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 34b180f6140e4ae96a27e9fa5e0bf239595b15dc12bed306744a142bb0115402
          • Instruction ID: 9c573ccbcf987e885c49a3dabc303c05827bbc2663e16f26ab08d2b961b37b7d
          • Opcode Fuzzy Hash: 34b180f6140e4ae96a27e9fa5e0bf239595b15dc12bed306744a142bb0115402
          • Instruction Fuzzy Hash: 08F0F432A41B24B7C7329B5A8C44F57FFF9EB88B90F144068E60697650CA30ED01DAA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FC073 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction ID: 1e65bc32b947b38d462c35bfb9c52da347a49826fe552fc50d20bfac3fdd6315
          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction Fuzzy Hash: C1F0AFB2A00615ABD325CF4D9C40E67FBEADBD5A80F048128A609CB320EA31DD05CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CC310 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction ID: 78d544aeaf8cbd74721e2484c41112b191f4239438ca2b24de15ae385253299f
          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction Fuzzy Hash: A9F0C233204A239BD73356599844B2BEE958FD5F64F1A007EF30E9B248CA648D0297D2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180CA6F Relevance: .0, Instructions: 42COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction ID: a64f219370cfa29a260c7e77ed8ca07a034c997f20d89a68288c7d4e4a1d6cee
          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction Fuzzy Hash: E501F43260168D9BD363DB6DC849F59BBD8EF42758F0841E5FA04DB6A1DB79CA80C211
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018A61E5 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d8f5e48e38e0391205d268cbe4d051a2dcc08de1dbdd8845a43657281a0bb7fc
          • Instruction ID: a04e7c1f81280fe3b27ad96d73cbaf9006e1f109cd7a7cb7faa6c8c200d08879
          • Opcode Fuzzy Hash: d8f5e48e38e0391205d268cbe4d051a2dcc08de1dbdd8845a43657281a0bb7fc
          • Instruction Fuzzy Hash: AF014F71A0024D9FDB04DFA9D545AEEBBF8BF58314F14405AE901E7284E774EB01CB95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018563C0 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction ID: 184c69d842685d894baef0e6ce03212fdc124665cf79daf6be7b5b4040b3c18d
          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction Fuzzy Hash: 24F0127210001DBFEF019F94DD80DAF7BBDFB593D8B104125FA1192160D631DE21A7A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185A4B0 Relevance: .0, Instructions: 40COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: efb4c5b931919e4d7af6ecc68ad063f05627f23249d76d758deb7a1896fef90b
          • Instruction ID: 7349ac58b928ddfd406587af81ffa6a82085d66e22fc4fefbb3902a50d7d3fd3
          • Opcode Fuzzy Hash: efb4c5b931919e4d7af6ecc68ad063f05627f23249d76d758deb7a1896fef90b
          • Instruction Fuzzy Hash: 7B018936100109AFCF129E88D880EDA3F66FB4C758F058201FE18A6220C336DA70EF81
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CC0F0 Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d67f54f3039d7b7271c7dd69a5c8041fc4819713be74e3848d9e4c0020b3bd60
          • Instruction ID: fbce810390d1a001aed6675df55635bde0e5d78c69da2eef16440d01a4d10d9d
          • Opcode Fuzzy Hash: d67f54f3039d7b7271c7dd69a5c8041fc4819713be74e3848d9e4c0020b3bd60
          • Instruction Fuzzy Hash: BAF024B13082415FF31A961E8C01B32B29AE7C0B50F7980BEEB0D8B2C1F971DC0183A4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180656A Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7794b3c0a7ef1c96ca25029bff786bc32d902b4cd3a7a6ac84c22467f26187bc
          • Instruction ID: 7524e222c0e6d56fe1682996584c3c52b07a0eaf49e344efc07a25b615513cf9
          • Opcode Fuzzy Hash: 7794b3c0a7ef1c96ca25029bff786bc32d902b4cd3a7a6ac84c22467f26187bc
          • Instruction Fuzzy Hash: 9D018C7020168D9FE7639B6CCD48F2537E8BF44B04F5801A4BA11DBADAEB29D6418610
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187437C Relevance: .0, Instructions: 37COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction ID: 8e6739e3a850f605825cd0e88e45c3c1ac49b7648b3f378fdd83d07c7b2dcd61
          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction Fuzzy Hash: 78F08235341E1347EB76BA2E9824F3BAA95AF90B50B05053D9659CB6C0DF60DE018790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185C89D Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0cf4b20e837b23e62d7f941a5cceeafcdd689831ab7e837efa82f4bf657cd276
          • Instruction ID: 9fe69ade2f966480b1f926e466695206f618d4a4b961044f1dc2670eab81ffa0
          • Opcode Fuzzy Hash: 0cf4b20e837b23e62d7f941a5cceeafcdd689831ab7e837efa82f4bf657cd276
          • Instruction Fuzzy Hash: C1F0AF716057089FC310EF28C546A1AB7E8FF98714F40465ABC98DB394E634EA00CB96
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185E872 Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction ID: 57f89b775329823cfdfe5e19f15e1b1a39e9bd48d777e7d28566020157c99a3a
          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction Fuzzy Hash: 46F05E327156229BE3719A4ECC80F16F7A8EFD9B60F190465AE15DB664C760EE028BD0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01800854 Relevance: .0, Instructions: 35COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction ID: 3c16c0e2e90f0d222f4298ce419f2cd447bf7cb03a235d28f269a67c98a42dbd
          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction Fuzzy Hash: FBF09072614208AEF715DB25CC05F56B6E9EF99344F148068A945D71A4FAB0DF01C654
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0185C912 Relevance: .0, Instructions: 34COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c96fe5bac0202941f6123fafa6b5623aa5ceb250977697b99df99777758c9481
          • Instruction ID: 58c1f0237d0512b8f10ff50087ca92e46bb0f7cb06dd39e3a221c5fe6a4af7ca
          • Opcode Fuzzy Hash: c96fe5bac0202941f6123fafa6b5623aa5ceb250977697b99df99777758c9481
          • Instruction Fuzzy Hash: 4DF04F71A0124D9FCB04EF69C515A5EB7F8EF18304F008055A955EB385DA38EB01CB51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D47FB Relevance: .0, Instructions: 33COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4076cd53b43c8e1df455cdd7d1f07c9556623ff5169705afb727400897aac2e9
          • Instruction ID: 386fa67552c9baafec5128fc799fb3ccde4d3132dee684382822a28999677afa
          • Opcode Fuzzy Hash: 4076cd53b43c8e1df455cdd7d1f07c9556623ff5169705afb727400897aac2e9
          • Instruction Fuzzy Hash: ADF090319966E99FE7228B5CC04AB22FBE49B006A0F48496AD54BC7912C774D880C651
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01890115 Relevance: .0, Instructions: 32COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 236ef04c3a6b82dce3f32929821f9c62d0723be620848ad30730ca9808b33033
          • Instruction ID: 71e14b5ea7d4651284cf57b4219119db896a17748569c74a60a3dd2e6c165512
          • Opcode Fuzzy Hash: 236ef04c3a6b82dce3f32929821f9c62d0723be620848ad30730ca9808b33033
          • Instruction Fuzzy Hash: 48F020A641AE804ECF326B2C68902D13F69A742710F2D1099E9A0E7306DA74CB87CB21
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00211A8D Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f903f479e4f1820c030e9b88abcc794aa79e84a300d1475825a0763a04ac8bdd
          • Instruction ID: fdbc2592377e560425de0354fda6d1e35732e30e60d46b8124d6965f4cb431b8
          • Opcode Fuzzy Hash: f903f479e4f1820c030e9b88abcc794aa79e84a300d1475825a0763a04ac8bdd
          • Instruction Fuzzy Hash: 77E0E54025D9A654D7AE0B3C14942D87D92B9A5B6074D5757C9609E0C3D15198A7C2D0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180C5ED Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e2615d1230e08c86059ed7d9636e406e083dc106fd0fdfaf2244e20a760afbf3
          • Instruction ID: 49de37d5aed88a287fe3fbbc1cee95f3aded87643b531eeb8ab8d14c7f3579f6
          • Opcode Fuzzy Hash: e2615d1230e08c86059ed7d9636e406e083dc106fd0fdfaf2244e20a760afbf3
          • Instruction Fuzzy Hash: 8FF052714026489FE3B38F9CCC08B11BBE49B007A4F0C97ADD822C3192C360FA80CA50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812619 Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction ID: 69a83d9bc6825c6a77a5ba7e162609053c221693a44a499a9a255ee223d4a7ac
          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction Fuzzy Hash: 2CE092323006016BE7119E5D8C84F5777AE9F96B14F140479B5049E295C9E29D0986A4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01866030 Relevance: .0, Instructions: 29COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction ID: b1b7622dcd3835e327dc32fcdb7f5e2f9a5c5036b67436b15819bba1f49f19af
          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction Fuzzy Hash: 3DF01C72104248AFE3218F09D944F52BBFCEB15368F65C025E609EB561E379ED40CBA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0710 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction ID: b9f1bf45bbc2d0c90a34cdf0b3bfe01c99547dbdd915583e1831543e3ec7847a
          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction Fuzzy Hash: 18F0ED3A2043599BEF1ADF19C040AA5BBF8FB45360F010094FC528F351EB31EA82CB94
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018049D0 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction ID: d89ea34dc79ddf4bc3dfad93df9562ff4cab8c0253735b07e8a9083c0a44a670
          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction Fuzzy Hash: 4EE0D83238414DABD7632A598C04B6677E5DBD47A0F150429E700CB1D1DB74DDC0D7D8
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0187678E Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction ID: 694da44324641560ed6cbc5073f1309db07e3fca9ce10a7ac99486a271f31c12
          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction Fuzzy Hash: B1E0DF32A40514BBEB22A7998D06F9ABEADDB94FE0F150054BA00EB0D0E530DF04D690
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D25E0 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f100481952033c5c25c1792de4b222c774674215cbe7958c3009050c568c76a
          • Instruction ID: cc5135a2e623435f5bfc2e016804c4f8338937f1379cea08b64c7dd708281514
          • Opcode Fuzzy Hash: 2f100481952033c5c25c1792de4b222c774674215cbe7958c3009050c568c76a
          • Instruction Fuzzy Hash: 7EE092321006549BC321FB2ADD05F9AB7EAEF64360F114525B116575A4CB30A910C794
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0188A456 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction ID: c56e1fea0f7db1328e19bfcd53841c0332691bc521c6f62883dd0cb486dbdd30
          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction Fuzzy Hash: 21E09231010A11DFEB367F2ED84CB52BAE5BF50711F148C2DA196425F0C775D9D0CA40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01854000 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction ID: 8033ce5575bd6357219ed1d64fd56fc4cb026cb367087eaeb186314ef8bcd2b0
          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction Fuzzy Hash: B3E0C2343003058FE795CF1AC044B627BB6FFD5B50F28C068A9488F209EB32E982CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180CA38 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 430a87da9b34da82dee866ef1aa26f67211b66f8b9524c0272537451acaa8877
          • Instruction ID: 1a6946086d165ae2aac378bea5412fccd9182f74d89c63e59661cc1d5ba40aad
          • Opcode Fuzzy Hash: 430a87da9b34da82dee866ef1aa26f67211b66f8b9524c0272537451acaa8877
          • Instruction Fuzzy Hash: 8CD02B724850246ECBB7EA187C08FA33B9B9B44320F0148E0F108D21A5D624CDC196D4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 00211ABD Relevance: .0, Instructions: 21COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
          • Associated: 00000000.00000002.1801093827.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_210000_YHcZGpLBUw.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8a484b09db8ee5bc459737b5c3b63ec44479f387582025a47d5b9ddb71b87a52
          • Instruction ID: 8b431d203c36f5cbe59e244d16a7de2007ac66932dab906eadb6d5b52f1f0294
          • Opcode Fuzzy Hash: 8a484b09db8ee5bc459737b5c3b63ec44479f387582025a47d5b9ddb71b87a52
          • Instruction Fuzzy Hash: C6D05B40148EF654D39F4F3848D57C4BEB6FED291574C9A97C9405E0D7E281E8A5C790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017C823B Relevance: .0, Instructions: 21COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction ID: 8dba2cb78faceeee25bc4b9367fb2d9b4bc1e6e69c1b2ab57a5e37b06af344ed
          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction Fuzzy Hash: B8E08C32009A20EEDB322E19DC08B51B6A6FF98F10F24486DE0825A0A88670A881DA46
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D2050 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d342f4ad8c3141d23202eb5a5ee00560169aa50614a946780f356b4ab14b8b63
          • Instruction ID: c5b2da1e1695e1d8f55b2222000de4f0d2b1a6045929358df87d9fdb2ce7eee8
          • Opcode Fuzzy Hash: d342f4ad8c3141d23202eb5a5ee00560169aa50614a946780f356b4ab14b8b63
          • Instruction Fuzzy Hash: FCE08C321005546BC211FA5EDD04E5AB3EAEFA4260F100121B151876A8CA30AD01C794
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01808A90 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction ID: 6908eca031e4d5875070d8c0c5ea5905382d7113e534221d9d45b4e3fccc64b2
          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction Fuzzy Hash: F5E08633511A188BC729DE18D911B7277A4EF45720F09463EA613877C1C534E584C795
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01826AA4 Relevance: .0, Instructions: 17COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
          • Instruction ID: 3a0581b9bc3209660d1b70759d82aed2353abf836b769d6920ab77c363ddc910
          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
          • Instruction Fuzzy Hash: EAD05E36511A50AFC3329F1BEA04D13FBF9FBC8B107050A6EE94683924C670E846CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180E59C Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction ID: 54c188fc41365de0f53b56a81814e6f62449aea4a8e7c8581f59b5187eb221a9
          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction Fuzzy Hash: F9D0A7325045205BD7329A1CFC04FC373D8BB4C724F050459F015C7050C760EC41C644
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0184E908 Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction ID: ddee32e0cda2bab387721af2b03921b7db882086a1d3d1a376dfeedd4a21f6c4
          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction Fuzzy Hash: 3FE0EC359506889BDF16DF59C644F5AFBF5BB94B40F150458A1089B6A4CA28E900CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017CA0E3 Relevance: .0, Instructions: 15COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction ID: 67f6afe1e8bc10b2e9c26e497a7d50af5c5ae4048c711d9992e20ed5350b7140
          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction Fuzzy Hash: FBD0223221203193CB2856556C08F63E955ABC0FE1F1A00AC340B93800C004CC82C2E0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180A830 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction ID: e39bf087aad2a30607393b295c648b17c98b11c887b994672098e6365db304fa
          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction Fuzzy Hash: 9FD022370D010CBBCB119F62CC01F907BE8E764BA0F004020B504870A0C63AE860C580
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180CA24 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb81033f999b5f412ef7db48096e73aab9c7702831b0969c6d0a2692158b0848
          • Instruction ID: 2d03120bf125b5d3e6ddf64cdf0404be12d60a5ec71907e8fe6294aacdf69e5f
          • Opcode Fuzzy Hash: cb81033f999b5f412ef7db48096e73aab9c7702831b0969c6d0a2692158b0848
          • Instruction Fuzzy Hash: 49D05230A0100A8BDF2BCF88CA59E2A7AB0FF14740B4000A8EA01D2160E328DA018A20
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017E02A0 Relevance: .0, Instructions: 13COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction ID: eb5aa686dcc401c50712b0690f35bb71e1fa5e45cefc0642fc7494407c61e3ff
          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction Fuzzy Hash: 33D09235316A80CFD61A8B0CC5A8B1573E8BB88B44F854490E441CBB22D66CD940CA40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180C700 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction ID: f95d29c44b8225df215dc44c9d021ef2b82837b90293664dd22010bf9ed1cec1
          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction Fuzzy Hash: 83C01232290648AFC712AA99CD05F02BBE9EBA8B40F000461F2058B6B0C631E820EA84
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017F0310 Relevance: .0, Instructions: 11COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction ID: fe7b71c1c7b9d3135260a42f55297490e2f8472ae3941797c2bca7b7235149ae
          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction Fuzzy Hash: 2AD0C936100248ABCB019F41C890D9AB72AEB98610F108019B919077118A31A962DA50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D0750 Relevance: .0, Instructions: 9COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction ID: 4a5c5d3b20ce2e09a354f22e18fc0e6a0b0ca7e9a909a11f62a7d262c71a92ef
          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction Fuzzy Hash: 07C04879711A468FDF16DB6AD298F49B7E4FB48740F1508D0E805CBB22E624E981CA10
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01814340 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cafbd52be85449c7a347717305adf9efe75346cce059e40f0b2fbdbef03257a3
          • Instruction ID: a923d1af02283242c56a95d1f77790fd1367d7385bac18bd70aeb677362ec4a8
          • Opcode Fuzzy Hash: cafbd52be85449c7a347717305adf9efe75346cce059e40f0b2fbdbef03257a3
          • Instruction Fuzzy Hash: EE900231605810169541715848855464045A7E1301B55C011E5438554CCE148B9A5362
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01814650 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5752e5cf3484a01f5feb68733598987c111eb91c19a4f0312456f4f0250b6c75
          • Instruction ID: 609f1dfb2b3b9f99ad09f2bebf62e10c5963d5d9ebcfe2d6aa1f268be67f1f20
          • Opcode Fuzzy Hash: 5752e5cf3484a01f5feb68733598987c111eb91c19a4f0312456f4f0250b6c75
          • Instruction Fuzzy Hash: 5E900261601510464541715848054066045A7E2301395C115E5568560CCA188A99936A
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812B80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99ff4b6d3b0b6cf83487af2e2dd0d3e872aee83b8d1669bee56c64e5cd3d096c
          • Instruction ID: 560123684af33e38cf64cf2c8c6aa46f8fac9693156756b53da4abe9ff328d99
          • Opcode Fuzzy Hash: 99ff4b6d3b0b6cf83487af2e2dd0d3e872aee83b8d1669bee56c64e5cd3d096c
          • Instruction Fuzzy Hash: 0E90023120141806D50571584805686004597D1301F55C011EB038655EDA658AD57232
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812BA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 844e50f69ac2dba55915a6c0a551ef6c5da5ce557c31d2f4d45f263b6f60b103
          • Instruction ID: 6225365ee3691146d26b3fd4fc4875604f41283403c0b3b1fbfec3f2ee95ca4b
          • Opcode Fuzzy Hash: 844e50f69ac2dba55915a6c0a551ef6c5da5ce557c31d2f4d45f263b6f60b103
          • Instruction Fuzzy Hash: EE90023160541806D55171584415746004597D1301F55C011E5038654DCB558B9977A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812BE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ff3b86dc7789d5c4c40c868fd5990806e4a92e9a80132d749271452877cfce15
          • Instruction ID: 68ad7d84ada682cd0181d428630341b39df23fdf48f3446cb15d4d2f21d5d8d8
          • Opcode Fuzzy Hash: ff3b86dc7789d5c4c40c868fd5990806e4a92e9a80132d749271452877cfce15
          • Instruction Fuzzy Hash: 9D90023120545846D54171584405A46005597D1305F55C011E5078694DDA258F99B762
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 760e2433f66de56084f7d21719d11dc5fd757038d0737a952316fc670c28a49c
          • Instruction ID: fb8dadb9d037d6f100ee6e2ff70bd71fd1647acdc4037a736a45a8f102287f67
          • Opcode Fuzzy Hash: 760e2433f66de56084f7d21719d11dc5fd757038d0737a952316fc670c28a49c
          • Instruction Fuzzy Hash: 3A90023120141806D5817158440564A004597D2301F95C015E5039654DCE158B9D77A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8acd668385cafe028139793b7531478e84e9a30557f8c8e85032e2f40671694c
          • Instruction ID: 1b6f9368f38854a1e7e43305ee862ba5052db39c601449f41626bd50172597bf
          • Opcode Fuzzy Hash: 8acd668385cafe028139793b7531478e84e9a30557f8c8e85032e2f40671694c
          • Instruction Fuzzy Hash: DA90026120241007450671584415616404A97E1301B55C021E6028590DC9258AD56226
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3b0fd15ed0f062b28e25009031f9203da21ae45f158b3fc1fb37cd2d094ef9fc
          • Instruction ID: 6aab1816f729cc167c39f7035551b555c31879280497ed366f943b4438d5d0a2
          • Opcode Fuzzy Hash: 3b0fd15ed0f062b28e25009031f9203da21ae45f158b3fc1fb37cd2d094ef9fc
          • Instruction Fuzzy Hash: 229002A1201550964901B2588405B0A454597E1301B55C016E6068560CC9258A959236
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812AD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6ee63ff03dc3a7ed4204b00eed60b08af12dd2bcc9f772125b58428aee5a34e0
          • Instruction ID: e0d69c483c95bc1a0e120bf4ad395f9867c80954d6b142a19ee8079cab66307a
          • Opcode Fuzzy Hash: 6ee63ff03dc3a7ed4204b00eed60b08af12dd2bcc9f772125b58428aee5a34e0
          • Instruction Fuzzy Hash: 92900225211410070506B5580705507008697D6351355C021F6029550CDA218AA55222
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812AF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 975269752a315de936d7784e938b3614c08fddb2a5148f58f4673bd8f9714ff3
          • Instruction ID: ac0a6fd2832834529d3bdaa8dac944df914f2343e7c468d0d6223e2597d45f7e
          • Opcode Fuzzy Hash: 975269752a315de936d7784e938b3614c08fddb2a5148f58f4673bd8f9714ff3
          • Instruction Fuzzy Hash: 7B900225221410060546B558060550B0485A7D7351395C015F642A590CCA218AA95322
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812DB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7d8ee63614ef686d2d52fd28a0677017c8bf166f112ce6ce0794e20ed4030a8e
          • Instruction ID: a86e5fd6f110eda708b0a8b98cffb8b3c691f7d317b6f1f034d17f9d21e20fc9
          • Opcode Fuzzy Hash: 7d8ee63614ef686d2d52fd28a0677017c8bf166f112ce6ce0794e20ed4030a8e
          • Instruction Fuzzy Hash: 7890023124141406D542715844056060049A7D1341F95C012E5438554ECA558B9AAB62
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812DD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c11f828d377f4da50fc1dd1a895e2dbc5ab63ef9219f838ad9031526b3eaf216
          • Instruction ID: d88217034d2ca141f2bee9401c08eeaa4b414fa0663a9143381a8a932278f97d
          • Opcode Fuzzy Hash: c11f828d377f4da50fc1dd1a895e2dbc5ab63ef9219f838ad9031526b3eaf216
          • Instruction Fuzzy Hash: 11900221242451565946B15844055074046A7E1341795C012E6428950CC9269A9AD722
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812D00 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 472af300c02b4d2efa780bd2b5fddc53f2fc6c98d31ed6afd413cd3fd719709f
          • Instruction ID: 9cf5f0d54091d5c77c58082bc33484f58f9f9a9a2e0a5c7aaea4e7eec727a0a5
          • Opcode Fuzzy Hash: 472af300c02b4d2efa780bd2b5fddc53f2fc6c98d31ed6afd413cd3fd719709f
          • Instruction Fuzzy Hash: F490022120545446D50175585409A06004597D1305F55D011E6078595DCA358A95A232
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 753ab0bcf6f680a9e60479f8442757eef1659b41e8e550a91c68e7d0418ca8c4
          • Instruction ID: 840de6c0ca619e09f983c85e07cf1d45b48af0a1e52b729fc9abbbb9b40b09ad
          • Opcode Fuzzy Hash: 753ab0bcf6f680a9e60479f8442757eef1659b41e8e550a91c68e7d0418ca8c4
          • Instruction Fuzzy Hash: 8D90022921341006D5817158540960A004597D2302F95D415E5029558CCD158AAD5322
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 66280db40298f9fdedbf9783928bbde22fdd3499e99a9eb7662e89298d891ece
          • Instruction ID: d34d3c3e7a75ea215eb09b71a0718d6f50c9f58e6dc82c75cbc79cab4c7f4086
          • Opcode Fuzzy Hash: 66280db40298f9fdedbf9783928bbde22fdd3499e99a9eb7662e89298d891ece
          • Instruction Fuzzy Hash: 8090022130141007D541715854196064045E7E2301F55D011E5428554CDD158A9A5323
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812CA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 84d475abae4b094bab51fcaaba9103775d2f48c0e9bc7ab949db6bd30c8cde0e
          • Instruction ID: 1bdf134bcdb2f85ba4fc41037815b059300b9d9e6b5f7067657f06749750b139
          • Opcode Fuzzy Hash: 84d475abae4b094bab51fcaaba9103775d2f48c0e9bc7ab949db6bd30c8cde0e
          • Instruction Fuzzy Hash: 2D90023120141406D50175985409646004597E1301F55D011EA038555ECA658AD56232
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cc02191a4922766295eeb860901008f943c0888bd5d6c0a09c4865d1355d30c5
          • Instruction ID: 239041ed5b26eea1eb1cda8da4f862c3c854d415c24eff75b10f54efee917a8c
          • Opcode Fuzzy Hash: cc02191a4922766295eeb860901008f943c0888bd5d6c0a09c4865d1355d30c5
          • Instruction Fuzzy Hash: 9B90022160541406D54171585419706005597D1301F55D011E5038554DCA598B9967A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812CF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 98b1041bca71ab43b8cdd8d8f6bd7efbbc02f099b831d581280d9a65ccfaa7aa
          • Instruction ID: 411171b1bfe5d4da1b1c0a071c30b24d380450d55b0a0e4af0c99e13578fba22
          • Opcode Fuzzy Hash: 98b1041bca71ab43b8cdd8d8f6bd7efbbc02f099b831d581280d9a65ccfaa7aa
          • Instruction Fuzzy Hash: 7090023120141407D50171585509707004597D1301F55D411E5438558DDA568A956222
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812C60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09206e9d3c50193aa89872d9fd845d8c01d74c6890fe754deee46d71a02d0983
          • Instruction ID: cc5c01b4f6cf90035e6238997820de810f116caafbe2e921f317ff46cca7c76f
          • Opcode Fuzzy Hash: 09206e9d3c50193aa89872d9fd845d8c01d74c6890fe754deee46d71a02d0983
          • Instruction Fuzzy Hash: BF90023120141846D50171584405B46004597E1301F55C016E5138654DCA15CA957622
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812C70 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 13cb389ae476d0ef52cd17d278a4fa07f95ac71ad8ad8ad1813e99a4aa31ac6f
          • Instruction ID: 64ee5e008ccd1cbe1113d2d323223580a9ca97d6900696a487d90a2a79887d76
          • Opcode Fuzzy Hash: 13cb389ae476d0ef52cd17d278a4fa07f95ac71ad8ad8ad1813e99a4aa31ac6f
          • Instruction Fuzzy Hash: C390023120149806D5117158840574A004597D1301F59C411E9438658DCA958AD57222
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812F90 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b8a4d680c67ee9e4357e743eda9a3d191f39cbbf1faab40fdbc875ffa58da3d7
          • Instruction ID: 8beed3f05b6e7147c2b13ccb9e1baa906f22dc98a5b2b5a0f7ea9d5c96758365
          • Opcode Fuzzy Hash: b8a4d680c67ee9e4357e743eda9a3d191f39cbbf1faab40fdbc875ffa58da3d7
          • Instruction Fuzzy Hash: 3E90023120181406D5017158481570B004597D1302F55C011E6178555DCA258A956672
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812FA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 647d8bd37a7c817aa7247e9c36bc2450dd6eb5ad0ab502c688614d51dadc4b98
          • Instruction ID: fdcdca2c39e05ca06bbf546ad167a1c05602ca3ecdbccd4c21556df75494c4b8
          • Opcode Fuzzy Hash: 647d8bd37a7c817aa7247e9c36bc2450dd6eb5ad0ab502c688614d51dadc4b98
          • Instruction Fuzzy Hash: 1B90023120181406D50171584809747004597D1302F55C011EA178555ECA65CAD56632
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812FB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 176feaf1d25c62d662d97d0db6070e55bc279f2cb09aefbae1c28300770f112c
          • Instruction ID: 759e33711e3df367780cf9474ebbcf2b491d37e92b9842ac0eedf854ce6f1669
          • Opcode Fuzzy Hash: 176feaf1d25c62d662d97d0db6070e55bc279f2cb09aefbae1c28300770f112c
          • Instruction Fuzzy Hash: 24900221601410464541716888459064045BBE2311755C121E59AC550DC9598AA95766
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812FE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1a1edaa1aeffab37fc1789eb442f384a1d1d208c07960e651d618cbabfdd27bb
          • Instruction ID: 8614b132e70a6243bdc4cf5812171f364d3e988628d5cb6e27cbefc664eedbda
          • Opcode Fuzzy Hash: 1a1edaa1aeffab37fc1789eb442f384a1d1d208c07960e651d618cbabfdd27bb
          • Instruction Fuzzy Hash: A7900221211C1046D60175684C15B07004597D1303F55C115E5168554CCD158AA55622
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d2d17d35e1868b077667bcbed9f9308f7975c6b7e4de0f7e0d6eec18d54dff5c
          • Instruction ID: 5700324175ab69474d0c10da38491c1bcccd53e156d4b02f542af856cf161805
          • Opcode Fuzzy Hash: d2d17d35e1868b077667bcbed9f9308f7975c6b7e4de0f7e0d6eec18d54dff5c
          • Instruction Fuzzy Hash: 6990026134141446D50171584415B060045D7E2301F55C015E6078554DCA19CE966227
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812F60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f453cf8ade48072803efe4366b2491584fa533fbb10d117123d620878b40b0a4
          • Instruction ID: 8ed9bf3dc91fd6663943fc9ebb2317b114dd5a3740c309ad2c0225faba20c56d
          • Opcode Fuzzy Hash: f453cf8ade48072803efe4366b2491584fa533fbb10d117123d620878b40b0a4
          • Instruction Fuzzy Hash: 2090026121141046D50571584405706008597E2301F55C012E7168554CC9298EA55226
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812E80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 342b3d850a5e30f70603d95a8a84ffc1171f3688748fb2a752784120649bf29f
          • Instruction ID: 65222a017326953917af94158765b43a8fda1cf4ac512d8310845f4d0d3867bd
          • Opcode Fuzzy Hash: 342b3d850a5e30f70603d95a8a84ffc1171f3688748fb2a752784120649bf29f
          • Instruction Fuzzy Hash: 8A90022160141506D50271584405616004A97D1341F95C022E6038555ECE258BD6A232
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812EA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc7f6e2a4e9320cb844035cd72347900077fb40d573ec0caf8406ebd44440bbc
          • Instruction ID: c51dc206bc289ea4f209eaffcade76dae3bcfbaa3498d411fd26e6855a7510de
          • Opcode Fuzzy Hash: fc7f6e2a4e9320cb844035cd72347900077fb40d573ec0caf8406ebd44440bbc
          • Instruction Fuzzy Hash: 7290027120141406D54171584405746004597D1301F55C011EA078554ECA598FD96766
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812EE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 520e3601b6916d723b4b88de85a800269f1b5b1355be2ce3e526910babe72da2
          • Instruction ID: 64a515b884a7f9f0855c79b5b8dee351980096653504fdccf60eac43770b6814
          • Opcode Fuzzy Hash: 520e3601b6916d723b4b88de85a800269f1b5b1355be2ce3e526910babe72da2
          • Instruction Fuzzy Hash: 9D90026120181407D54175584805607004597D1302F55C011E7078555ECE298E956236
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812E30 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 569ee20a331bd790c95f7da12d605b8743e92b6a2c65cd409af253fdf0f16d76
          • Instruction ID: a6715fb30759c359b7a7db3f9414e2e272970355bf68ee7a7152dd542d324e89
          • Opcode Fuzzy Hash: 569ee20a331bd790c95f7da12d605b8743e92b6a2c65cd409af253fdf0f16d76
          • Instruction Fuzzy Hash: 9390022130141406D503715844156060049D7D2345F95C012E6438555DCA258B97A233
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01813090 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 239705dd7af3ab68df78c6d2e5f28048c8b0fba86895afb148b51a2e76d55b05
          • Instruction ID: 0214d1af6c8680543e1a57658f4cc2728965256b61e7002fedb4628d04e8ff33
          • Opcode Fuzzy Hash: 239705dd7af3ab68df78c6d2e5f28048c8b0fba86895afb148b51a2e76d55b05
          • Instruction Fuzzy Hash: 0E90022124141806D541715884157070046D7D1701F55C011E5038554DCA168BA967B2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01813010 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: af4fe0a41535251c33f00e8d30e960af0e854e8ddaa160ec43d369e0c35f5608
          • Instruction ID: ccb7e47dc973f41b644dd80a9666900fade5e321a3b27c7c78ed59092942c323
          • Opcode Fuzzy Hash: af4fe0a41535251c33f00e8d30e960af0e854e8ddaa160ec43d369e0c35f5608
          • Instruction Fuzzy Hash: B590022120185446D54172584805B0F414597E2302F95C019E916A554CCD158A995722
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018135C0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b521ac98b6a3ac880985078c55c6cb4fa047887e037e4c485760f01774324154
          • Instruction ID: 54c10105b04716dc5ac85bad8c0aed57fb5347fcacc74c9137f577b6d3274b23
          • Opcode Fuzzy Hash: b521ac98b6a3ac880985078c55c6cb4fa047887e037e4c485760f01774324154
          • Instruction Fuzzy Hash: 7E90023160551406D50171584515706104597D1301F65C411E5438568DCB958B9566A3
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018139B0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc182a37bb4a1e11e56f431408a46aa9f08cf1d24b0bff99b02e7f5ea6d2ba9b
          • Instruction ID: 0b2319c721bc8453001c9681bfea233ea5ac0b1a5370630f267a0a2d2343300e
          • Opcode Fuzzy Hash: fc182a37bb4a1e11e56f431408a46aa9f08cf1d24b0bff99b02e7f5ea6d2ba9b
          • Instruction Fuzzy Hash: D190022124546106D551715C44056164045B7E1301F55C021E5828594DC9558A996322
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction ID: 5c50d62c8420c679e74bc3c3473ab3f4413ab18957b0b7cf1e19b8694fb772fd
          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction Fuzzy Hash:
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01812890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: ee8b19aced4bd19a4ec72388f384d0a1d008057c1da42dba180687bf853e1568
          • Instruction ID: 96a30afb2279e16baf28d643eaa6eb0053075ceb8dddcc606288796155f83914
          • Opcode Fuzzy Hash: ee8b19aced4bd19a4ec72388f384d0a1d008057c1da42dba180687bf853e1568
          • Instruction Fuzzy Hash: 4A51F6B2A0011ABFDB11DBAC899097EFBBDBB483407608229F4A5D7645D734DF4087E0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01882410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: b70f5493bb1c3b3ca3542e0c5ba9a7ca817533433cd12a247ef44c8ed8d3d72e
          • Instruction ID: 4d51e301cf5f431a4085dedf14ff1180aa6c557132e50d539c6309c388d1a702
          • Opcode Fuzzy Hash: b70f5493bb1c3b3ca3542e0c5ba9a7ca817533433cd12a247ef44c8ed8d3d72e
          • Instruction Fuzzy Hash: C651F1B5A40646AACB30EE9CC99087FFBFAAF44300B44846DF496D3642E674EB40C770
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01807630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
          Download Yara Rule
          Strings
          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01844725
          • ExecuteOptions, xrefs: 018446A0
          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018446FC
          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01844787
          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01844742
          • Execute=1, xrefs: 01844713
          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01844655
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
          • API String ID: 0-484625025
          • Opcode ID: ebb7944b7fcebc284e94316082138612a44034b48dccdcf29f6fd619895b59e3
          • Instruction ID: 74289f425b6418d8be41dac9285a9a8398f811a55d6a5c9898360217955806e2
          • Opcode Fuzzy Hash: ebb7944b7fcebc284e94316082138612a44034b48dccdcf29f6fd619895b59e3
          • Instruction Fuzzy Hash: 1D51197160021DAAEF62EAA8DC95BB977A8EF14344F1400A9E606E71C1EB70AB458F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0181B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: __aulldvrm
          • String ID: +$-$0$0
          • API String ID: 1302938615-699404926
          • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
          • Instruction ID: 85cecca8b308c48b45c1cf395c914ab586026284699d9b2b98a79a262f643a8d
          • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
          • Instruction Fuzzy Hash: D081E372E052498FEF258F6CC8517FEBBB9AF54760F184919E851E7299C7308A40CB61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 018820E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$[$]:%u
          • API String ID: 48624451-2819853543
          • Opcode ID: 7843487436741cc4d9c6c8fab32fccf7433ad8d76a73c0524ec3d1da09fb07ef
          • Instruction ID: 33c38526ee9265dfe10424da57a061e01d01804813582f817285b848e3c50869
          • Opcode Fuzzy Hash: 7843487436741cc4d9c6c8fab32fccf7433ad8d76a73c0524ec3d1da09fb07ef
          • Instruction Fuzzy Hash: 182151BAA00519ABDB11EF7DC840AAEBBE9EF54744F54011AE905E3204E730EB11CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017FF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
          Download Yara Rule
          Strings
          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018402E7
          • RTL: Re-Waiting, xrefs: 0184031E
          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018402BD
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
          • API String ID: 0-2474120054
          • Opcode ID: 24566e7d1c5dd4416ae393b8e9300915fd89bddd8e3822d23dbd8f909b9fee8f
          • Instruction ID: d0138a0c60c462586f2754cbd83f003971552e3aef632858dbfbc3af8f22222b
          • Opcode Fuzzy Hash: 24566e7d1c5dd4416ae393b8e9300915fd89bddd8e3822d23dbd8f909b9fee8f
          • Instruction Fuzzy Hash: 97E1AA326087459FD725CF28C884B6BBBE0AB88714F140A5DF6A5CB3E1DB74DA44CB52
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0180B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          APIs
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0184728C
          Strings
          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01847294
          • RTL: Resource at %p, xrefs: 018472A3
          • RTL: Re-Waiting, xrefs: 018472C1
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
          • API String ID: 885266447-605551621
          • Opcode ID: da1e8683500f4b8e552b25174d4699b8d0e9a6409287b4555120c5ca69d7bc80
          • Instruction ID: 5ad9ec352261f7957b9e8bfe31103b7ddfaf6803214728911d6b02200fa8f19a
          • Opcode Fuzzy Hash: da1e8683500f4b8e552b25174d4699b8d0e9a6409287b4555120c5ca69d7bc80
          • Instruction Fuzzy Hash: 9041227570061AABC721CE29CC81B66B7A5FB94714F100619F956EB280DB31EA4287D2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01882300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$]:%u
          • API String ID: 48624451-3050659472
          • Opcode ID: 56263039b4f1cef36665780a51a29875762760900755e0233688be340a777660
          • Instruction ID: dd5b80cc0211d80568b7e559f871a180add6955aa70751cd6103ec3b9cca9cba
          • Opcode Fuzzy Hash: 56263039b4f1cef36665780a51a29875762760900755e0233688be340a777660
          • Instruction Fuzzy Hash: 4C317376A002199EDB20DE2DCC50BAEB7F9AF44710F84455AE949E3200EB30AB44CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 017D9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017A0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_17a0000_YHcZGpLBUw.jbxd
          Similarity
          • API ID:
          • String ID: $$@
          • API String ID: 0-1194432280
          • Opcode ID: c54bc7c70051c2b7fd6d4a6ca20a259aac4891217d319860771d2b4169ca7bf0
          • Instruction ID: 8b0973c9e3fb7a8c421c9a124d811706ba930401231ee9ef54327a80ae95c6a6
          • Opcode Fuzzy Hash: c54bc7c70051c2b7fd6d4a6ca20a259aac4891217d319860771d2b4169ca7bf0
          • Instruction Fuzzy Hash: 90810C71D002699BDB31CB54CC45BEAB7B9AF48714F0441EAEA19B7280E7705F84DFA0
          Uniqueness

          Uniqueness Score: -1.00%