
Windows Analysis Report
1.NOTIFICACION DEMANDA LABORAL (1).7z

Overview

General Information

Sample Name:1.NOTIFICACION DEMANDA LABORAL (1).7z
(renamed file extension from REV to 7z, renamed because original name is a hash value)
Original Sample Name:1.NOTIFICACION DEMANDA LABORAL (1).REV
Analysis ID:1301773
MD5:495ec7f149ccac07f7f0edf65738dca2
SHA1:48bcd4c38f99ec4be9e075e5b41d767c95ec0cf5
SHA256:48b01510b09c663739944b60f94560df63f90db57968283e719a427f681c7cb9

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates a DirectInput object (often for capturing keystrokes)
Sample execution stops while process was sleeping (likely an evasion)
May sleep (evasive loops) to hinder dynamic analysis
Creates a process in suspended mode (likely to inject code)

Classification

Classification chart (rendered image). Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64
  • unarchiver.exe (PID: 6912 cmdline: C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
    • 7za.exe (PID: 6936 cmdline: C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\zkhr5ws0.qi4" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
      • conhost.exe (PID: 6944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Signature Results

There are no malicious signatures. All signature hits follow.

Source: C:\Windows\SysWOW64\unarchiver.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: unarchiver.exe, 00000000.00000002.472948015.00000000011DB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Windows\SysWOW64\unarchiver.exe; File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: C:\Windows\SysWOW64\unarchiver.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: classification engine; Classification label: clean2.win7Z@4/1@0/0
Source: unknown; Process created: C:\Windows\SysWOW64\unarchiver.exe C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z
Source: C:\Windows\SysWOW64\unarchiver.exe; Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\zkhr5ws0.qi4" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z
Source: C:\Windows\SysWOW64\7za.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe; Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\zkhr5ws0.qi4" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6944:120:WilError_01
Source: 1.NOTIFICACION DEMANDA LABORAL (1).7z; Static file information: File size 1719050 > 1048576
Source: C:\Windows\SysWOW64\unarchiver.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe; Last function: Thread delayed
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6996; Thread sleep count: 208 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6996; Thread sleep time: -104000s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_0135B1D6 GetSystemInfo,0_2_0135B1D6
Source: 1.NOTIFICACION DEMANDA LABORAL (1).7z; Binary or memory string: hGFSz"
Source: C:\Windows\SysWOW64\unarchiver.exe; Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\unarchiver.exe; Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\zkhr5ws0.qi4" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z
Source: C:\Windows\SysWOW64\unarchiver.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix, listed per tactic column (the numbers in parentheses are the report's per-technique counters; techniques without a number had no hits)

  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux)
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows)
  • Privilege Escalation: Process Injection (11), Boot or Logon Initialization Scripts, Logon Script (Windows)
  • Defense Evasion: Virtualization/Sandbox Evasion (1), Disable or Modify Tools (1), Process Injection (11)
  • Credential Access: Input Capture (1), LSASS Memory, Security Account Manager
  • Discovery: Security Software Discovery (1), Virtualization/Sandbox Evasion (1), System Information Discovery (3)
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares
  • Collection: Input Capture (1), Data from Removable Media, Data from Network Shared Drive
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration
  • Command and Control: Data Obfuscation, Junk Data, Steganography
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
  • Impact: Modify System Partition, Device Lockout, Delete Device Data

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph (rendered image). Behavior Graph ID: 1301773; Sample: 1.NOTIFICACION DEMANDA LABO...; Startdate: 01/09/2023; Architecture: WINDOWS; Score: 2. Process chain: unarchiver.exe started 7za.exe, which started conhost.exe.
Antivirus scan of the sample: Source: 1.NOTIFICACION DEMANDA LABORAL (1).7z; Detection: 0%; Scanner: ReversingLabs
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:38.0.0 Beryl
Analysis ID:1301773
Start date and time:2023-09-01 18:51:36 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:22
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:1.NOTIFICACION DEMANDA LABORAL (1).7z
(renamed file extension from REV to 7z, renamed because original name is a hash value)
Original Sample Name:1.NOTIFICACION DEMANDA LABORAL (1).REV
Detection:CLEAN
Classification:clean2.win7Z@4/1@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 47
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, kv601.prod.do.dsp.mp.microsoft.com, geover.prod.do.dsp.mp.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, eudb.ris.api.iris.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, arc.msn.com
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: 1.NOTIFICACION DEMANDA LABORAL (1).7z
No simulations
No context
Process:C:\Windows\SysWOW64\unarchiver.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3061
Entropy (8bit):5.243273975319438
Encrypted:false
SSDEEP:48:oUvyFWTpcGZcGbZcGZcGprcGmcGZcGptyFWcGb3cGIyFWcG3cGtcGrcGTcGucG6j:oUvflJdJt2JHfr3YfHdbD+KJ9XJqJWJn
MD5:95A9DBADAC0E79FC141ADC4D7D4F6001
SHA1:4B3A61E47B7F4A9C4F5E149E7F0C2C361CE0A977
SHA-256:7AEA1516B79D18BE5FC97489D48F2B3B735A14098E1BFDFF201E741B2D8AF10E
SHA-512:1439EBBE5D23D7B0FE5F4994BB163D30E4A04CF3780833E513185408043FAC984DBAC4F596427422DCC1107B1E332D5C8FE7B3EA7C11DC15D4795A79491293D7
Malicious:false
Reputation:low
Preview:09/01/2023 6:52 PM: Unpack: C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z..09/01/2023 6:52 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\zkhr5ws0.qi4..09/01/2023 6:52 PM: Received from standard out: ..09/01/2023 6:52 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..09/01/2023 6:52 PM: Received from standard out: ..09/01/2023 6:52 PM: Received from standard out: Scanning the drive for archives:..09/01/2023 6:52 PM: Received from standard out: 1 file, 1719050 bytes (1679 KiB)..09/01/2023 6:52 PM: Received from standard out: ..09/01/2023 6:52 PM: Received from standard out: Extracting archive: C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z..09/01/2023 6:52 PM: Received from standard out: --..09/01/2023 6:52 PM: Received from standard out: Path = C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z..09/01/2023 6:52 PM: Received from standard out: Type = 7z..09/01/2023 6:52 PM: Received from standard
File type:7-zip archive data, version 0.4
Entropy (8bit):7.999881548479681
TrID:
  • 7-Zip compressed archive (6006/1) 100.00%
File name:1.NOTIFICACION DEMANDA LABORAL (1).7z
File size:1'719'050 bytes
MD5:495ec7f149ccac07f7f0edf65738dca2
SHA1:48bcd4c38f99ec4be9e075e5b41d767c95ec0cf5
SHA256:48b01510b09c663739944b60f94560df63f90db57968283e719a427f681c7cb9
SHA512:bacf9ae09b87650f30290551db51470984ffa2fb1b034b73f29e82783a2dfb7ac3366067f0e4f896da34afaa5468098d1c1adcb39a982a73d339db80b35bf65f
SSDEEP:49152:dR8iAJeLZkQcoP1OPAjLgcwOFzusm1PwBEDP:wiweLZLPOAjFO1PwBEj
TLSH:4F8533649747C7B60EB6F9D460BE837F0B07603A4E3C1DB85688666C687B3E17523B09
File Content Preview:7z..'......1.:......$........%...e....:opl...\t..pH.3.{....\...:.!U.....y.0.Z..k..;...:.........sF.D..b.1.3S;.6}E.}....Y....b...+..E#.(t....y.....=3... F.d.o....yIp=..*.v?~^.Js.V\.=.3.....j...)'c6V7..C.Y.c.....#......p.W.daN..i-...g.......C..&Bk.r*.zQ=..|
Icon Hash:90cececece8e8eb0
No network behavior found

Target ID:0
Start time:18:52:25
Start date:01/09/2023
Path:C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z
Imagebase:0xc60000
File size:12'800 bytes
MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Reputation:moderate
Has exited:false

Target ID:1
Start time:18:52:25
Start date:01/09/2023
Path:C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):true
Commandline:C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\zkhr5ws0.qi4" "C:\Users\user\Desktop\1.NOTIFICACION DEMANDA LABORAL (1).7z
Imagebase:0xed0000
File size:289'792 bytes
MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:18:52:25
Start date:01/09/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6bab10000
File size:625'664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:21.4%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:0%
Total number of Nodes:73
Total number of Limit Nodes:4

Execution graph (rendered image). Nodes are function addresses of the analysed process in the 0x0135Axxx and 0x0135Bxxx range; the API calls reached from them are GetSystemInfo, CreatePipe, RegQueryValueExW, WriteFile, FindNextFileW, FindClose, CreateFileW, SetErrorMode, FindCloseChangeNotification, SetFilePointer, DuplicateHandle, CreateDirectoryW and GetFileType.

Callgraph

Call graph (rendered image; legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available). Nodes are Function_<address> entries of the analysed process in the 0x01352xxx, 0x0135Axxx, 0x0135Bxxx, 0x02EC0xxx and 0x02F10xxx ranges; edges are calls between them.

Executed Functions

APIs
  • GetSystemInfo.KERNELBASE(?), ref: 0135B208
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: InfoSystem
  • String ID:
  • API String ID: 31276548-0
  • Opcode ID: 549434b199e03f1f3d2710809f592c529877ab289b2f6e99a3ef5e00d4065888
  • Instruction ID: a71eec33fbaa16d71eca6ef993b3c85eb3f125053613e5b358b6b308e840568b
  • Opcode Fuzzy Hash: 549434b199e03f1f3d2710809f592c529877ab289b2f6e99a3ef5e00d4065888
  • Instruction Fuzzy Hash: 5F01D1318042449FDB50CF59E889B6AFBA8EF45624F08C0ABDD489F74AD374A408CF72
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135b246-135b34f, calling DuplicateHandle.
APIs
  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0135B2F3
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: 492cec0685f8be0240870f57f18da66d309286bb8e3a6560ebde1405e12bf52e
  • Instruction ID: f0157c69b618ee9053bd9af2b9ed8db529f4de78a3bbb75437ee1ad51117c095
  • Opcode Fuzzy Hash: 492cec0685f8be0240870f57f18da66d309286bb8e3a6560ebde1405e12bf52e
  • Instruction Fuzzy Hash: EA31E471504384AFEB128B21DC44FA7BFBCEF46324F0484AAED81DB652D324A809CB75
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135ad04-135ae03, calling DuplicateHandle.
APIs
  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0135ADA7
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: 7bda9f924f22c7f88bf7181b8720a8b1362631a0ec6c1c344feed78f74857d47
  • Instruction ID: 25e0d451eabb5f4236ba824957f0077e8f9e5e82832f1a3181f9e087a4ef8ed0
  • Opcode Fuzzy Hash: 7bda9f924f22c7f88bf7181b8720a8b1362631a0ec6c1c344feed78f74857d47
  • Instruction Fuzzy Hash: 3831E7711043846FEB228B65DC44FA7BFACEF46324F0488AAF985DB652D224A409CB75
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic block 135ab76-135ac67, calling CreatePipe.
APIs
  • CreatePipe.KERNELBASE(?,00000E2C,?,?), ref: 0135AC36
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CreatePipe
  • String ID:
  • API String ID: 2719314638-0
  • Opcode ID: 2079b62c0eb89a9a20f0f4e0374beb56aa7e10f56e3b02c2957217553717764d
  • Instruction ID: c7e2e7bdc743a903e8aa6a762446053a82bd7a03675aed220712eb0e79e134c3
  • Opcode Fuzzy Hash: 2079b62c0eb89a9a20f0f4e0374beb56aa7e10f56e3b02c2957217553717764d
  • Instruction Fuzzy Hash: CC318E7250E3C05FD7138B718C65A55BFB4EF47650F1A84DBD8C48F1A3E2286919CB62
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135a5dc-135a6d2, calling CreateFileW.
APIs
  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0135A67D
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CreateFile
  • String ID:
  • API String ID: 823142352-0
  • Opcode ID: 8b281bd6de993800e2863f160385f82676d20ecf5000e7902df391a2d7ceb742
  • Instruction ID: 4ca777efb6f8e4309d74f4ef7e94ae8a033f74d85353d6fc7f6fd4ba305faafb
  • Opcode Fuzzy Hash: 8b281bd6de993800e2863f160385f82676d20ecf5000e7902df391a2d7ceb742
  • Instruction Fuzzy Hash: B1319C71504340AFE722CF25CC45FA6BFE8EF49624F0884AAED858B652D375E408CB75
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic block 135a120-135a1f3, calling FindNextFileW.
APIs
  • FindNextFileW.KERNELBASE(?,00000E2C,?,?), ref: 0135A1C2
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FileFindNext
  • String ID:
  • API String ID: 2029273394-0
  • Opcode ID: e152d9a9c62788a2123f6d6e0b084e8634c41ff36baae475409610898aa40253
  • Instruction ID: 0415a0463af424891ed0ed707ae7922a6f6d65d47f8604d007a8c2d66297655c
  • Opcode Fuzzy Hash: e152d9a9c62788a2123f6d6e0b084e8634c41ff36baae475409610898aa40253
  • Instruction Fuzzy Hash: 0721D37140D3C06FD7128B258C55BA2BFB4EF87610F1985DBD8848F693D225A919C7A2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135ad2a-135ae03, calling DuplicateHandle.
APIs
  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0135ADA7
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: 8d9dd58459723b0b7dd20aa7aeb4d943e227bb75aaba4436f55ad92285bc020a
  • Instruction ID: 5b8a22a178d34aaf084c1372f864f8a9b77c26bbaa7a484d94c86a80ced4a67e
  • Opcode Fuzzy Hash: 8d9dd58459723b0b7dd20aa7aeb4d943e227bb75aaba4436f55ad92285bc020a
  • Instruction Fuzzy Hash: 9121E072500208AFEB219F64DC44FABF7ECEF09324F04892AED45DBA41D330A4088B69
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135b276-135b34f, calling DuplicateHandle.
APIs
  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0135B2F3
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: 445fa03d8b55fff3189b16860a86d516867545bd177d94acf1b05945084212ca
  • Instruction ID: ed5f658858693a3f88ccaf0898298c6d37705ba51a81eeded32de410eb00c047
  • Opcode Fuzzy Hash: 445fa03d8b55fff3189b16860a86d516867545bd177d94acf1b05945084212ca
  • Instruction Fuzzy Hash: 3F21B272500204AFEB218F65DC49FABF7ACEF49724F04846AED45DB651D370E5088B69
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135a370-135a447, calling RegQueryValueExW.
APIs
  • RegQueryValueExW.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A40C
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: QueryValue
  • String ID:
  • API String ID: 3660427363-0
  • Opcode ID: aa5da62d18074ea7d5c7ba11c166df48291c41e1c01734072531ac3fddb9aa90
  • Instruction ID: 1be3285524b167433c4d730544bb05fe2dc5da95a919afe095d773bdb77f0991
  • Opcode Fuzzy Hash: aa5da62d18074ea7d5c7ba11c166df48291c41e1c01734072531ac3fddb9aa90
  • Instruction Fuzzy Hash: F3218D71505344AFE721CF15CC84F93BBFCEF46614F08859AE985DB252D364E848CB65
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135a850-135a926, calling SetFilePointer.
APIs
  • SetFilePointer.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A8DE
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FilePointer
  • String ID:
  • API String ID: 973152223-0
  • Opcode ID: ee67eaadc9dc2a5ed46327467ac8d611dc24401475eb0ce18c8d44e68259c71d
  • Instruction ID: e28efe683a8c0925b5fd7a666c20fb156ab51aefec8bc77485d013833e0a8fd2
  • Opcode Fuzzy Hash: ee67eaadc9dc2a5ed46327467ac8d611dc24401475eb0ce18c8d44e68259c71d
  • Instruction Fuzzy Hash: AC21B271409380AFEB128B24DC44FA6BFB8EF46614F0884ABED849F653C264A809C775
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135a933-135aa09, calling WriteFile.
APIs
  • WriteFile.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A9C1
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FileWrite
  • String ID:
  • API String ID: 3934441357-0
  • Opcode ID: 68ff946120f11ae4a556fb27164ee50fe243b986fdcd33664e3ef9ad0877254f
  • Instruction ID: cb6e8151b6873bfd8e8d76b65ec33aeabab1b17bf6c50cf4afb61911fc989cfe
  • Opcode Fuzzy Hash: 68ff946120f11ae4a556fb27164ee50fe243b986fdcd33664e3ef9ad0877254f
  • Instruction Fuzzy Hash: 7A21B071409380AFDB228F65DC44F97BFB8EF46214F08859BE9849F252C374A408CB76
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135a5fe-135a6d2, calling CreateFileW.
APIs
  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0135A67D
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CreateFile
  • String ID:
  • API String ID: 823142352-0
  • Opcode ID: 0d4d864ea343fdcd0cd2f74f5d03f2291eca8666e2465bc5df09181102128079
  • Instruction ID: 68b99b65d100f58419c8db6dc52974f7e23a972dd9ba8f68edf66b6c33760629
  • Opcode Fuzzy Hash: 0d4d864ea343fdcd0cd2f74f5d03f2291eca8666e2465bc5df09181102128079
  • Instruction Fuzzy Hash: 5E219A71600204AFEB21DF65C949FA6FBE8EF48624F04856AED858B752D371E408CB75
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image; legend: Executed, Not Executed): basic blocks 135a78f-135a84e, calling GetFileType.
APIs
  • GetFileType.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A815
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FileType
  • String ID:
  • API String ID: 3081899298-0
  • Opcode ID: 882ac21ded6baf318b352ea9f8fcd7a8abb1adf11d25fba7b780a7f02116659b
  • Instruction ID: 0232db4f36c11103b4c30e89f3b0001128190bc5abbeea31f1f38862577313a0
  • Opcode Fuzzy Hash: 882ac21ded6baf318b352ea9f8fcd7a8abb1adf11d25fba7b780a7f02116659b
  • Instruction Fuzzy Hash: 2521C3B54093806FE7128B21DC41BA2BFA8EF47724F0880DBED849B253D264A909D775
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • [graph image not reproduced; basic blocks 135a6d4-135a78d, FindCloseChangeNotification called from block 135a742-135a74a; legend: Executed / Not Executed]
APIs
  • FindCloseChangeNotification.KERNELBASE(?), ref: 0135A748
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: ChangeCloseFindNotification
  • String ID:
  • API String ID: 2591292051-0
  • Opcode ID: fbbb98002e3a1bf7e89331412155c0c23b530cf32a7f8e8aa8690b6b3c919ad9
  • Instruction ID: b01f378821cc1c6f22e44c2272ea1403a00cbe8ab7b13107660239fd8632d024
  • Opcode Fuzzy Hash: fbbb98002e3a1bf7e89331412155c0c23b530cf32a7f8e8aa8690b6b3c919ad9
  • Instruction Fuzzy Hash: 2B21C5759093C05FD7138B25DC95652BFB8EF07224F0984DBDC858F2A3D2645908CB61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • [graph image not reproduced; basic blocks 135aa0b-135aad0, CreateDirectoryW called from block 135aa85-135aaa5; legend: Executed / Not Executed]
APIs
  • CreateDirectoryW.KERNELBASE(?,?), ref: 0135AA8B
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CreateDirectory
  • String ID:
  • API String ID: 4241100979-0
  • Opcode ID: 2b513c3455adc3bb02ce7ad4ba0f72b918b32165b10f168f85558f65b3e141c9
  • Instruction ID: 16fb17185daf940735b336d471b53f4a50ec0e2f69cd4941160ba177520ae121
  • Opcode Fuzzy Hash: 2b513c3455adc3bb02ce7ad4ba0f72b918b32165b10f168f85558f65b3e141c9
  • Instruction Fuzzy Hash: 6621AF715083C05FEB12CB29DC55B92BFE8AF46214F0981EAED84CF253D224A909CB61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • [graph image not reproduced; basic blocks 135a392-135a447, RegQueryValueExW called from block 135a406-135a419; legend: Executed / Not Executed]
APIs
  • RegQueryValueExW.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A40C
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: QueryValue
  • String ID:
  • API String ID: 3660427363-0
  • Opcode ID: ac3dcc53abd2671a30c440bd65f2e5178da75e7087d1a6d340d396bd95353165
  • Instruction ID: f4e0d438b173d8b401515ba3a520a110426c1c10fc4ed30e0bd305181d7bd032
  • Opcode Fuzzy Hash: ac3dcc53abd2671a30c440bd65f2e5178da75e7087d1a6d340d396bd95353165
  • Instruction Fuzzy Hash: 33219DB1600204AFEB20CE55CC84FA7BBECEF45A18F04856AED459B752D360E808DA75
Uniqueness

Uniqueness Score: -1.00%

APIs
  • WriteFile.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A9C1
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FileWrite
  • String ID:
  • API String ID: 3934441357-0
  • Opcode ID: feb73baba3a7eca79f01002a973eaf4b892333b55f76edc4bb9176fc9eb5827f
  • Instruction ID: a301882922beb4162ccba371b7d212e6a4f7a1bd82dbae6ed795063b287c8a58
  • Opcode Fuzzy Hash: feb73baba3a7eca79f01002a973eaf4b892333b55f76edc4bb9176fc9eb5827f
  • Instruction Fuzzy Hash: 8211B271404344AFEB21CF55DC84F97FBA8EF45724F04856AED459B641C374A448CBB9
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetFilePointer.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A8DE
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FilePointer
  • String ID:
  • API String ID: 973152223-0
  • Opcode ID: 2f3f947f9fdcf3d415cfdce2e2b64ac9a8f29c9ced42c195a4b2bd08927c58d9
  • Instruction ID: a0a50c529cf78f046b7d24a6ef27acc10699e7caccac271a61fcde0141f8055b
  • Opcode Fuzzy Hash: 2f3f947f9fdcf3d415cfdce2e2b64ac9a8f29c9ced42c195a4b2bd08927c58d9
  • Instruction Fuzzy Hash: 2411C172404304AFEB21CF55DC84FA7FBA8EF89724F0485AAED499B641C374A4088B79
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetErrorMode.KERNELBASE(?), ref: 0135A30C
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: ErrorMode
  • String ID:
  • API String ID: 2340568224-0
  • Opcode ID: cbb62707b2e4d15295035ce2775ab6e1600efab91188c123439afebdba011395
  • Instruction ID: e01f038c2fa7352ec7debb63db9404038837aab3b4c230897c40380efcd07ad5
  • Opcode Fuzzy Hash: cbb62707b2e4d15295035ce2775ab6e1600efab91188c123439afebdba011395
  • Instruction Fuzzy Hash: 9511A0758093C49FDB238B25DC55A52BFB4EF47624F0981DBDD848F263D275A808CB62
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetSystemInfo.KERNELBASE(?), ref: 0135B208
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: InfoSystem
  • String ID:
  • API String ID: 31276548-0
  • Opcode ID: ebac5f997c3d2a7fdca05a11cbb6d20d7a80a02bcdf146bc84124e81002a89e4
  • Instruction ID: 11d3d788f211a2b566113a3f9d85ce61311b6ba7d3ecb4816e80915ff9338eb7
  • Opcode Fuzzy Hash: ebac5f997c3d2a7fdca05a11cbb6d20d7a80a02bcdf146bc84124e81002a89e4
  • Instruction Fuzzy Hash: E7115E714093849FDB128F15DC44B56FFB4EF46224F0884EAED849F253D275A508CB72
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CloseFind
  • String ID:
  • API String ID: 1863332320-0
  • Opcode ID: 0d2ae7e04501f921a1c25022e96ee122ebe757c3985b52d0611436c885632918
  • Instruction ID: 6782bc5c0933a8652545b00dc3e322be949ab7ee395d26546656911b057b8ff0
  • Opcode Fuzzy Hash: 0d2ae7e04501f921a1c25022e96ee122ebe757c3985b52d0611436c885632918
  • Instruction Fuzzy Hash: 9711A0755093C49FD7128B25DC45A52FFB4EF46220F0984EBED858F263D374A808CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • CreateDirectoryW.KERNELBASE(?,?), ref: 0135AA8B
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CreateDirectory
  • String ID:
  • API String ID: 4241100979-0
  • Opcode ID: be4176e003a13c50a69ee08d390027e0d130f6da468115b5aa055a0a931ef1c6
  • Instruction ID: df1b19d831dcb0024dc55d8193ad95b841693a6c2a526814d329c3e406105174
  • Opcode Fuzzy Hash: be4176e003a13c50a69ee08d390027e0d130f6da468115b5aa055a0a931ef1c6
  • Instruction Fuzzy Hash: D911A1716002449FEB50CF29D984B56FBE8EF45624F08C5AAED09CB742E374E408CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetFileType.KERNELBASE(?,00000E2C,4F844EAC,00000000,00000000,00000000,00000000), ref: 0135A815
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FileType
  • String ID:
  • API String ID: 3081899298-0
  • Opcode ID: 98d80abbbbcc79cd0e014dafb629c72cbe62889aec26770e21d403f8208d6ed0
  • Instruction ID: 32591a3c27b2639832b15f06a2a2c24e1964b60ea9dd4f9286740ff696f48239
  • Opcode Fuzzy Hash: 98d80abbbbcc79cd0e014dafb629c72cbe62889aec26770e21d403f8208d6ed0
  • Instruction Fuzzy Hash: 46012231504304AEE720CB15DC85FA7FFACEF46A28F04C0A6ED049B742D374A4088BB9
Uniqueness

Uniqueness Score: -1.00%

APIs
  • FindNextFileW.KERNELBASE(?,00000E2C,?,?), ref: 0135A1C2
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: FileFindNext
  • String ID:
  • API String ID: 2029273394-0
  • Opcode ID: 880009353ae83431e77f639b54e845aab4556e7e7eed401b3a2badc57132756b
  • Instruction ID: 30dab076a5a812baa112d0ce7446c99b37df3992ba42bcd310ea354d72d5d1c6
  • Opcode Fuzzy Hash: 880009353ae83431e77f639b54e845aab4556e7e7eed401b3a2badc57132756b
  • Instruction Fuzzy Hash: B201B171940200AFD710DF16DC85B66FBA8FB88B20F14816AED089B741E331B515CBA6
Uniqueness

Uniqueness Score: -1.00%

APIs
  • CreatePipe.KERNELBASE(?,00000E2C,?,?), ref: 0135AC36
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CreatePipe
  • String ID:
  • API String ID: 2719314638-0
  • Opcode ID: 73883abb5025f79709797f3cf3e6b10e8837fa3f398d15b918514efb3efe5f3c
  • Instruction ID: 11d302111ecc9547712092b7afc49e2c5b0e21ce3a47156859c7462e9af10c48
  • Opcode Fuzzy Hash: 73883abb5025f79709797f3cf3e6b10e8837fa3f398d15b918514efb3efe5f3c
  • Instruction Fuzzy Hash: 6D017171940201AFD710DF16DD85B66FBA8FB88B20F14C16AED089B741E371B515CBA6
Uniqueness

Uniqueness Score: -1.00%

APIs
  • FindCloseChangeNotification.KERNELBASE(?), ref: 0135A748
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: ChangeCloseFindNotification
  • String ID:
  • API String ID: 2591292051-0
  • Opcode ID: be39533abfd36b2dac98b6a3a0d7da13aeaeaf64d645a68c6dda236bcb6ab048
  • Instruction ID: fd14f9bf51f1e62e0eb5e12c8448ea709d99d1dcf28abfb341d6a87d5929d460
  • Opcode Fuzzy Hash: be39533abfd36b2dac98b6a3a0d7da13aeaeaf64d645a68c6dda236bcb6ab048
  • Instruction Fuzzy Hash: D301F2759002449FDB51CF59D885BA6FBE8EF41624F08C0ABDD4ACF742D274E408CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: CloseFind
  • String ID:
  • API String ID: 1863332320-0
  • Opcode ID: 6217f9530b9dccbfd681635d7ee1d9c14b69dafc82679052fbf9ab374457903a
  • Instruction ID: ccb2f535c229daddce3253f00d5b29534e5864a5ed522a042fd3d1d6a128e3be
  • Opcode Fuzzy Hash: 6217f9530b9dccbfd681635d7ee1d9c14b69dafc82679052fbf9ab374457903a
  • Instruction Fuzzy Hash: E30144755002849FDB108F19DC84B62FBA4EF01624F08C0AADC058FB42D374E408DF62
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID: e]4k^
  • API String ID: 0-246840279
  • Opcode ID: 0bec037abc580cafdda80ae4edb4513cd5fa6aa460895deae721ceb928ff72fb
  • Instruction ID: 30e32ff9d70a607dfe25785184f80cc3b02afbc5872c7fd80c12be9465128dab
  • Opcode Fuzzy Hash: 0bec037abc580cafdda80ae4edb4513cd5fa6aa460895deae721ceb928ff72fb
  • Instruction Fuzzy Hash: F0B14A34A00111EFC728EB64E944A6E7BBAFF8C354F12D068D9069B355DF789D09CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetErrorMode.KERNELBASE(?), ref: 0135A30C
Memory Dump Source
  • Source File: 00000000.00000002.473073721.000000000135A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135A000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_135a000_unarchiver.jbxd
Similarity
  • API ID: ErrorMode
  • String ID:
  • API String ID: 2340568224-0
  • Opcode ID: e58a132ee90904d49ecb92dc53cf3f135e33b9ad18bce118d7a6e82a17824858
  • Instruction ID: 1ae32d032d81e0f700afb3c2726b85993e3d141cb1842a46f2e36ba476351478
  • Opcode Fuzzy Hash: e58a132ee90904d49ecb92dc53cf3f135e33b9ad18bce118d7a6e82a17824858
  • Instruction Fuzzy Hash: 24F0FF348042849FDB208F06D884B62FBA4EF45A28F08C1AACD484F703D3B4A408DB62
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473271824.0000000002F10000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2f10000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0dcca88d408469c26b6a9ae56d60fc902b6f9f66fe6214cbc98f3f839035cc22
  • Instruction ID: 1652d2f82b1b568d2b964375fb4f851d787a0a0728deb87734d892aeda5a28ca
  • Opcode Fuzzy Hash: 0dcca88d408469c26b6a9ae56d60fc902b6f9f66fe6214cbc98f3f839035cc22
  • Instruction Fuzzy Hash: 6111A5A290E3800FDB029630186A5E67FF0C993224F5D88EBD885CB953E51D590FD792
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 520f11fc21d607391835eadca6fa1105ed5229647e69ad1bc7e6daf3123314dc
  • Instruction ID: 3f8baa9a29548bb2542a560d538b1a88984fc177d7233778464d4af5489598c4
  • Opcode Fuzzy Hash: 520f11fc21d607391835eadca6fa1105ed5229647e69ad1bc7e6daf3123314dc
  • Instruction Fuzzy Hash: CCA17C30B04201CFDB18ABB4D46577E76ABEF88318F25D428D91A9B394EF788D42CB55
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 90ed50c6ea5ff69b1635f0ca22cfe16581fda257b18f792777f2ff3a0f9dab0e
  • Instruction ID: 769422b3cfc47a3d1410e7fe48d18d7b98d6c680aba087f00274d6b898eb6aca
  • Opcode Fuzzy Hash: 90ed50c6ea5ff69b1635f0ca22cfe16581fda257b18f792777f2ff3a0f9dab0e
  • Instruction Fuzzy Hash: C221F330B002048BCB45DF3988416BF7BEBAFCA208B44842CD846DB341DF39DE068796
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 5220fa99ca4f7c262c1b3247633636fadbb41fbf96cc5145c180f88cc3b941ae
  • Instruction ID: dd89c05a009f76ec1bcbe211f0cb191cff20cb8f9bde2214e943d0b4df29ac83
  • Opcode Fuzzy Hash: 5220fa99ca4f7c262c1b3247633636fadbb41fbf96cc5145c180f88cc3b941ae
  • Instruction Fuzzy Hash: 0921D6307002058BCB55EF79C4416AFBBEBAFCA248B44882CD586DB745DF39E9068796
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 71a03bf56136507d3267bcf0ca649a1d4d912a2d976ddf684f84682855e6dd95
  • Instruction ID: 01930128eda4951afaabce97f219f16f83e53c70098e88e67f1976f712a70493
  • Opcode Fuzzy Hash: 71a03bf56136507d3267bcf0ca649a1d4d912a2d976ddf684f84682855e6dd95
  • Instruction Fuzzy Hash: 2011D035A24114AFCB14DFB4D8418EF7BF6BB88314B018579E605E7321EB399D05CB91
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8f1338c8be2e3e88cbb812fef024b59bc4d0b1f348902539171375c17f582b50
  • Instruction ID: b66f484a79d390dff6d34ff60efd85b191eeb3d0b22d50360eb2f95200bcf36e
  • Opcode Fuzzy Hash: 8f1338c8be2e3e88cbb812fef024b59bc4d0b1f348902539171375c17f582b50
  • Instruction Fuzzy Hash: 57119135A20118AFCB059BB4D8459EF7BF6EB8C214B015475E205E7320EB35AD05CB91
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473271824.0000000002F10000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2f10000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 58e23ed120e884495fb7911b155d9727111cea060d8b55f031bad02ae5aa1ebc
  • Instruction ID: 411fef2fbc61dc34af20a5ec022cb5599d908a6a2d804a69f0c852674cc9c4e0
  • Opcode Fuzzy Hash: 58e23ed120e884495fb7911b155d9727111cea060d8b55f031bad02ae5aa1ebc
  • Instruction Fuzzy Hash: 0301D8B24097506FC301DF15EC45897FBF8DF86624B08C86FEC499B202D225B918CBA2
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473271824.0000000002F10000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2f10000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c61cd78c5984e573bfe9e109f89d055cad957c4634b55f4d2ba3b99e4deab278
  • Instruction ID: 1e7dc79056a87011a1858e1fe17c7298de47a84f7758eb25231f2ed9ebf784d8
  • Opcode Fuzzy Hash: c61cd78c5984e573bfe9e109f89d055cad957c4634b55f4d2ba3b99e4deab278
  • Instruction Fuzzy Hash: 8201D6725487806FC7018B56EC41893BFE8DF8663070984ABEC88CB612D265B919CB66
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473271824.0000000002F10000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2f10000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: be9b18af11889856df1de64eaa7ce33753e225a257a8d8e6fd7ee68bed866e25
  • Instruction ID: a73f8625b97395daa724347bfab9c90903751c0e20be5637ffbf80ea8f7800ab
  • Opcode Fuzzy Hash: be9b18af11889856df1de64eaa7ce33753e225a257a8d8e6fd7ee68bed866e25
  • Instruction Fuzzy Hash: B2F082B29052046FD340DF15ED458A7F7ECDFC4621B14C52EEC088B701E376A9185AE3
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473271824.0000000002F10000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2f10000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8f4a6ba65ca2182d8729fa5510b7e7616ec2d12000f713562190fe6924a9ce96
  • Instruction ID: 1d9ba4ee0a975f4b5b3a1c4b29f1c97834a1b8554944417b7ce3d547faaf5e6b
  • Opcode Fuzzy Hash: 8f4a6ba65ca2182d8729fa5510b7e7616ec2d12000f713562190fe6924a9ce96
  • Instruction Fuzzy Hash: 1FE06DB6A006045B9650DF0AEC41452F798EB84630718C06BDC0D8B701E275B5088EA6
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3dd9f021c6b3db6c5f689aba6422346ac7d26860ac9a296b54ec7dc8deb18895
  • Instruction ID: 1a93e5d78600bbdccc428547a7b3acb85543b5f1773bef5630eec9347b0d7116
  • Opcode Fuzzy Hash: 3dd9f021c6b3db6c5f689aba6422346ac7d26860ac9a296b54ec7dc8deb18895
  • Instruction Fuzzy Hash: 13E0DF32F143181FCB84DFB898412AE7FE1EB55260F0088BA9008D7341EE398E018381
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6b058a2d5b4246d0e60bcb38a2f39c346d99276e803566bdcd3ea87bc814d797
  • Instruction ID: ef40230a126ec49100e443f0fe63defa44766087317cd009abcdacee0cc1552f
  • Opcode Fuzzy Hash: 6b058a2d5b4246d0e60bcb38a2f39c346d99276e803566bdcd3ea87bc814d797
  • Instruction Fuzzy Hash: 36D01231F0421C5B8B44EBB998416AE7BDA9B85564F1048799008E7340EE399D408391
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 999600327b75e36d54136d8dfacbedd7dde136dc62015927dab66a433b522df5
  • Instruction ID: c3228efb45fb165c34f7ebdebfaf3f045524af4a9c11b4641d6531c1ac54480d
  • Opcode Fuzzy Hash: 999600327b75e36d54136d8dfacbedd7dde136dc62015927dab66a433b522df5
  • Instruction Fuzzy Hash: 2FD05B315A4300CFC745D7B4D5595E537E5AB85324F56D1A5C0088B362D73CDD86CB41
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 85dd38ad18dd1765d3ebce6cbfb3adbca062463c0d041a106c09f00e7bf9ec86
  • Instruction ID: a4680d241af787bbdedf355f25ca3117a6991341b25d9caab34699644e1fdfd5
  • Opcode Fuzzy Hash: 85dd38ad18dd1765d3ebce6cbfb3adbca062463c0d041a106c09f00e7bf9ec86
  • Instruction Fuzzy Hash: 60E02B30194300CFC706C7B4C5299B63BF1AF81308F45C2A9C4048B262D33C9C41CB40
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473060364.0000000001352000.00000040.00000800.00020000.00000000.sdmp, Offset: 01352000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1352000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 08b59fec8da9a3ab1b8943df5e92c538044d1a0aec1ce8966874c5bf9d6e9d73
  • Instruction ID: 17e26d30a2e36ec2972b55cb5c2333fabc22b096ee2817fb960dd278e299656b
  • Opcode Fuzzy Hash: 08b59fec8da9a3ab1b8943df5e92c538044d1a0aec1ce8966874c5bf9d6e9d73
  • Instruction Fuzzy Hash: 4FD05EB9205AC18FE3268B1CC1A8F963FA4AB52B08F4644F9EC008B763C368E581D200
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473060364.0000000001352000.00000040.00000800.00020000.00000000.sdmp, Offset: 01352000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1352000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 13a2f599b9753e87b3d79b62fa6a17a6916ca33eaa90da01948a52fb93f5cd62
  • Instruction ID: f232fb317ce53b935f87330155bbacc963fae15c9ebceb32de8998e2cfe0186d
  • Opcode Fuzzy Hash: 13a2f599b9753e87b3d79b62fa6a17a6916ca33eaa90da01948a52fb93f5cd62
  • Instruction Fuzzy Hash: 56D05E343002818BD715DB0CC198F5A3BD4EB41B08F0644E8AC008B762C3A5D881C600
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b72ae45fd9b48b577086496ec354a78a0ec485cf0087b062c81b2c0575d2727a
  • Instruction ID: 008391f6986c7c9f4658ab75f9578b2e18c4586aa9c9962667dd898e0f1a203e
  • Opcode Fuzzy Hash: b72ae45fd9b48b577086496ec354a78a0ec485cf0087b062c81b2c0575d2727a
  • Instruction Fuzzy Hash: 5EC01230260204CFC708A7B8D61EA3673DA57C430CF55D568D0080B351DB34EC41CA80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.473265006.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2ec0000_unarchiver.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 7f64f02f0c351583c573391f284e3e6bf45b41a199e6a4a281c29081f6b82c8c
  • Instruction ID: 800ffacd88f4c084f5cc6ddaa3e60581ad787d5c49550f80e6cfbc0353e45575
  • Opcode Fuzzy Hash: 7f64f02f0c351583c573391f284e3e6bf45b41a199e6a4a281c29081f6b82c8c
  • Instruction Fuzzy Hash: 96C01230260304CFC704A7B8D61EA36779A57C4308F95D468D0080B351DB34EC41CA40
Uniqueness

Uniqueness Score: -1.00%