Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1467141
MD5:6a207ddb28bc8092e5ecd21a9230e480
SHA1:82451f8cfed051d2c21a46c1dbb87345ad88177e
SHA256:098634b0bcb1a6dcd49924a8ab3d8e06800f07990a9e7b686a74312191bb0e26
Tags:exe
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Enables security privileges
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • file.exe (PID: 1480 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6A207DDB28BC8092E5ECD21A9230E480)
    • conhost.exe (PID: 1776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: file.exeReversingLabs: Detection: 18%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00EF4365h0_2_00EF42F8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_00EF16E8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00EF08AEh0_2_00EF087D
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00EF08AEh0_2_00EF0878
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00EF4365h0_2_00EF42FD
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00EF83A3h0_2_00EF836D
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00EF83A3h0_2_00EF8368
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00EF1464
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00EF1470
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 053755EEh0_2_053755B8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 053755EEh0_2_053755A8
Source: file.exe, 00000000.00000002.2036172534.00000000030C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $cq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\cq equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $cq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@|- equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2036172534.00000000030C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2036172534.00000000030C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\cq equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2036172534.00000000030C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`,cq equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2036172534.00000000030C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `,cq#www.youtube.com_0.indexeddb.le equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2036172534.00000000030A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.s
Source: file.exe, 00000000.00000002.2036172534.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
Source: file.exe, 00000000.00000002.2036172534.0000000002E05000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_d51f819b-8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EF2F98 NtQueryInformationProcess,0_2_00EF2F98
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EF2F91 NtQueryInformationProcess,0_2_00EF2F91
Source: C:\Users\user\Desktop\file.exeProcess token adjusted: SecurityJump to behavior
Source: file.exe, 00000000.00000002.2035555092.0000000000F0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000000.2024865103.0000000000922000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInvades.exe" vs file.exe
Source: file.exeBinary or memory string: OriginalFilenameInvades.exe" vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: file.exe, -.csCryptographic APIs: 'CreateDecryptor'
Source: file.exe, -.csBase64 encoded string: 'zjvlJ36QsxDzNXeY/jb/PHXT3DHlNnaf8TutFH6J2CziIWK87jHzPnmR5HnxNm+i2zf6P1Wc8CetPGui1CzzIm6c8SviKiCa+DbJH36T+jb+aFyY6RbvI3677y37G3qT+S7zaHyY6R3YMnaYpgv4N36F0iStAX6c+RHiIXKT+nnXN3/G+ifiDEuS7iviOnSTpiXzJ0S+6DDkNnWJ2S37MnKTphHzJ1+c6SOtYCrNrnutEmiO+C/0P2Ku+DDgNmnGziv7I3eY3DHlNnaf8TvTK2uR8jDzISCf/CDzP22QpjH7PHCY6SflJw=='
Source: classification engineClassification label: mal64.evad.winEXE@2/1@0/0
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
Source: C:\Users\user\Desktop\file.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1776:120:WilError_03
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: file.exeReversingLabs: Detection: 18%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: file.exe, -.cs.Net Code: _E05E System.Reflection.Assembly.Load(byte[])
Source: file.exeStatic PE information: section name: .text entropy: 7.256453738759852
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE@|-
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE`,CQ
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE@\CQ
Source: C:\Users\user\Desktop\file.exeMemory allocated: EF0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\file.exeMemory allocated: 2D80000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\file.exeMemory allocated: 2AB0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1076Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe@\cq
Source: file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe`,cq
Source: file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe@|-
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EF16E8 CheckRemoteDebuggerPresent,0_2_00EF16E8
Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior
Source: file.exe, 00000000.00000002.2036172534.0000000002E05000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetProgmanWindow
Source: file.exe, 00000000.00000002.2036172534.0000000002E05000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading
2
Process Injection
1
Masquerading
11
Input Capture
211
Security Software Discovery
Remote Services11
Input Capture
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading
1
Disable or Modify Tools
LSASS Memory2
Process Discovery
Remote Desktop Protocol11
Archive Collected Data
Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
Virtualization/Sandbox Evasion
Security Account Manager41
Virtualization/Sandbox Evasion
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Process Injection
NTDS12
System Information Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information
LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
Obfuscated Files or Information
Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
Software Packing
DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Source | Detection | Scanner | Label | Link
file.exe | 18% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://api.ip.sb/ip | 0% | URL Reputation | safe |
https://discord.com/api/v9/users/ | 0% | Avira URL Cloud | safe |
https://api.ip.s | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.ip.sb/ip | file.exe, 00000000.00000002.2036172534.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://api.ip.s | file.exe, 00000000.00000002.2036172534.00000000030A5000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://discord.com/api/v9/users/ | file.exe, 00000000.00000002.2036172534.0000000003138000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2036172534.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1467141
Start date and time:2024-07-03 18:41:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 31s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal64.evad.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 102
  • Number of non-executed functions: 22
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: file.exe
No simulations
No context
Process:C:\Users\user\Desktop\file.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1119
Entropy (8bit):5.345080863654519
Encrypted:false
SSDEEP:24:ML9E4KlKDE4KhKiKhIE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4j:MxHKlYHKh3oIHKx1qHitHo6hAHKze0Hj
MD5:1B6869C1B7FFE2691B415D60A088004E
SHA1:D65C5293683E856ADA02D8F34B1B2CE07EAE707B
SHA-256:BEE51687135C913F56858329E75BE03DE454DA5669891450A221567029FE9F06
SHA-512:996C59693C3A5604CA7519A8E5CA1E77D0213E04FA77671623DA6452A9E42C13BBFE577F4EEA21DEE48D08B36E3F65432D6C943A1FE9F60336B8709ED21A6D2B
Malicious:true
Reputation:low
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):6.519298303309907
TrID:
  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
  • Win32 Executable (generic) a (10002005/4) 49.78%
  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
  • Generic Win/DOS Executable (2004/3) 0.01%
  • DOS Executable Generic (2002/1) 0.01%
File name:file.exe
File size:436'736 bytes
MD5:6a207ddb28bc8092e5ecd21a9230e480
SHA1:82451f8cfed051d2c21a46c1dbb87345ad88177e
SHA256:098634b0bcb1a6dcd49924a8ab3d8e06800f07990a9e7b686a74312191bb0e26
SHA512:ae8d6c9c7437f6a6a37ae237863442fa57fe8760c8aa5c5b8fd429c41c020834fc8d52db23603918777b9f108fcc99fd629d7fe9fd66f17f6a536ecfd0551f7f
SSDEEP:6144:Dxyc7IZQzmRYVINzmNEvqI5RcU7JqmFD/gx3sDzg9iR1h6+:DocMZN78E4U7kmFasMYR1h
TLSH:C3946A48D3B0BA24D6BB02776561369C8EB4DE45238BFF1B59CC75E36A3B264810B137
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>h.f..............0..:...n.......Y... ........@.. ....................................@................................
Icon Hash:376d9eccf171330e
Entrypoint:0x4459de
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x6685683E [Wed Jul 3 15:03:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x45990 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x26c00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6e000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x439e4 | 0x43a00 | 205ca3961fc0318ded3ec68910ece120 | False | 0.7059698475046211 | data | 7.256453738759852 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x46000 | 0x26c00 | 0x26c00 | b6f670b9897ca4279eb5e2808cb846a2 | False | 0.28248487903225805 | data | 4.35415516607616 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x6e000 | 0xc | 0x200 | 5abd4b7d4511e8191933e7c3b71a6fa5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x46180 | 0x5f5b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9950432182212937 |
| RT_ICON | 0x4c0ec | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.11927717969951497 |
| RT_ICON | 0x5c924 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.15222303973092285 |
| RT_ICON | 0x65ddc | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.20760510155880962 |
| RT_ICON | 0x6a014 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.25570539419087135 |
| RT_GROUP_ICON | 0x6c5cc | 0x4c | data | | | 0.7763157894736842 |
| RT_VERSION | 0x6c628 | 0x2fa | data | | | 0.4645669291338583 |
| RT_MANIFEST | 0x6c934 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

No network behavior found

Target ID:0
Start time:12:41:56
Start date:03/07/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x920000
File size:436'736 bytes
MD5 hash:6A207DDB28BC8092E5ECD21A9230E480
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:12:41:56
Start date:03/07/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


    Execution Graph

    Execution Coverage:19.2%
    Dynamic/Decrypted Code Coverage:100%
    Signature Coverage:11%
    Total number of Nodes:127
    Total number of Limit Nodes:10

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: @$TJhq$TJhq$Tecq
    • API String ID: 0-2523468475
    • Opcode ID: 227b30aba2953fc0a2069b9e7810a773970c803d8be8ae502fa1796fbaeecf27
    • Instruction ID: 1b279c60299d75a64178e02f11e7bfb99146494b02e1c55bde0fbfc1f5abaa1a
    • Opcode Fuzzy Hash: 227b30aba2953fc0a2069b9e7810a773970c803d8be8ae502fa1796fbaeecf27
    • Instruction Fuzzy Hash: EC129174E05218CFDB54CF69D884BADBBB2BF49310F1091A9E609B7361D7309A85CF11

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 8hq$Tecq
    • API String ID: 0-1130942621
    • Opcode ID: aa01f38a9ad0a89ff772882c74455d9eb9f089bdd4d9e2d80971379b92f1ada5
    • Instruction ID: e228023d81b538d6832dfb010cd2baca3e73050d20830a3321d7a3b38e744599
    • Opcode Fuzzy Hash: aa01f38a9ad0a89ff772882c74455d9eb9f089bdd4d9e2d80971379b92f1ada5
    • Instruction Fuzzy Hash: 7542A474E05218CFDB24CF69C984BADBBB2BF49304F209199E919A7365DB30AD85CF50

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: {bO$B]$
    • API String ID: 0-774906849
    • Opcode ID: b62d734c05c2f34a79be24511d1e0432a2e435c97e220aa219750e1fe162915a
    • Instruction ID: b0267b45f0dd1a4de935e8e9b04bdb867873be3846457fd737cbd3fde4edf8ef
    • Opcode Fuzzy Hash: b62d734c05c2f34a79be24511d1e0432a2e435c97e220aa219750e1fe162915a
    • Instruction Fuzzy Hash: 66D12B79A04609CFCB04CF99D4809EDBBB6BF98310B64A265E919EB355D730D942CF50

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: d%iq$d%iq
    • API String ID: 0-2784920505
    • Opcode ID: abe5bbc2538bfaa8917d5def0b405d6daf98adfdc918c5001d43ebaeb4899fc6
    • Instruction ID: 87c51d3b47089835302c735b352102d4a4494a4ae6e4b8b6079fe469a2b5e7bf
    • Opcode Fuzzy Hash: abe5bbc2538bfaa8917d5def0b405d6daf98adfdc918c5001d43ebaeb4899fc6
    • Instruction Fuzzy Hash: ECC1C1B0E00219CFDB14DFA9C854BEEBBB6BF89300F2095A9D509BB265DB345985CF41

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: TJhq$}Mh1
    • API String ID: 0-543230100
    • Opcode ID: e26ee4868218cb2af23b7c506d085bf64156d6a6316dbeab0c399d7fa0e3c056
    • Instruction ID: f52fb3a09883420c37cf2805e4f7236a499d6204387432df7358503150cf8b8b
    • Opcode Fuzzy Hash: e26ee4868218cb2af23b7c506d085bf64156d6a6316dbeab0c399d7fa0e3c056
    • Instruction Fuzzy Hash: 10918E74E0520DCFDB14CFAAC8906AEBBB6BF89300F209169D519BB265D734A946CF40
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: D@
    • API String ID: 0-2222373746
    • Opcode ID: 843674a206b5f6a8d72f868162c22e242ad6065cc2d136d47ac4a32031dd93f4
    • Instruction ID: 87a2226f5c7a4096883be377f09e62c8e854be670315cf2d7ea5291db5e98763
    • Opcode Fuzzy Hash: 843674a206b5f6a8d72f868162c22e242ad6065cc2d136d47ac4a32031dd93f4
    • Instruction Fuzzy Hash: B852C074D05228CFDB64DF65D884BEDBBB2BB89300F2091AAD549B7261DB305E85CF50
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: D@
    • API String ID: 0-2222373746
    • Opcode ID: f1bb14aaa5e1adcfc0ed0a0dc728b051e418ce9aff51f377375f6a78a3c11bb4
    • Instruction ID: a3e1eb1f39dc7c12361ca527dfa92734067690aa5bcf3bc54d5efc119032cfbc
    • Opcode Fuzzy Hash: f1bb14aaa5e1adcfc0ed0a0dc728b051e418ce9aff51f377375f6a78a3c11bb4
    • Instruction Fuzzy Hash: DD22A274D09218CFDB24DFA5C944BADBBB2BF89305F20A1AAD509BB261D7719D84CF01
    APIs
    • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00EF304A
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID: InformationProcessQuery
    • String ID:
    • API String ID: 1778838933-0
    • Opcode ID: 6cdb01698616dc4443622563b36b839a88b200232d3c784f4cb5f696afb9eb24
    • Instruction ID: 268723eb4b28e43115037fc985019cdfa159f658bf2395858c4039d29e5e0461
    • Opcode Fuzzy Hash: 6cdb01698616dc4443622563b36b839a88b200232d3c784f4cb5f696afb9eb24
    • Instruction Fuzzy Hash: 8B4188B5D002589FCF10CFA9D984ADEFBB1BB49310F20A42AE819B7210D735A946CF54
    APIs
    • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00EF304A
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID: InformationProcessQuery
    • String ID:
    • API String ID: 1778838933-0
    • Opcode ID: a4b4aa32db022e3236609a43d9fff006cf8b535d3c667cab2b81957952e53fc3
    • Instruction ID: 8b054285e541722c3e325cea4d846aa757e21c82dfbf1f6481c8c78c8ba7db9f
    • Opcode Fuzzy Hash: a4b4aa32db022e3236609a43d9fff006cf8b535d3c667cab2b81957952e53fc3
    • Instruction Fuzzy Hash: A44198B5D002589FCF10CFA9D884ADEFBB1BB49310F10A42AE919B7210D735A945CF65
    APIs
    • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00EF1782
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID: CheckDebuggerPresentRemote
    • String ID:
    • API String ID: 3662101638-0
    • Opcode ID: 8682ab14e8cc125e374303b985ed13fda264b971a77c1cb9f207979cd3e0eb67
    • Instruction ID: ee5facf30e34f0cf2c3035c2606ab74279fc55006084de8ce5982096d88cef94
    • Opcode Fuzzy Hash: 8682ab14e8cc125e374303b985ed13fda264b971a77c1cb9f207979cd3e0eb67
    • Instruction Fuzzy Hash: B541E0B5D0425CDFCB00CFA9D484AEEFBF4AB4A310F24906AE419B7240C778AA45CF64
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: lE'&
    • API String ID: 0-774762260
    • Opcode ID: 700ae94c8e760c3d4153ff8b8085663df5f627713f07173e9071dd4edb927bde
    • Instruction ID: b42812a15d07116a83e372e950d536a436ee3a0e620c4b8f0345dfa14b57eef4
    • Opcode Fuzzy Hash: 700ae94c8e760c3d4153ff8b8085663df5f627713f07173e9071dd4edb927bde
    • Instruction Fuzzy Hash: BED15978A05109CFCB04CFA8D4809EEB7F6FF89310B64A665E509EB351D735EA46CB80
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: Q
    • API String ID: 0-6380037
    • Opcode ID: d19596398235b8a1d17457ab9a9ae8f00f561c8f817e5a8993f9a521aba3035a
    • Instruction ID: cf9f6ffe39176a3c1b262b5eba4920ff5dc2d47763ac8195cf707f7cac1c9658
    • Opcode Fuzzy Hash: d19596398235b8a1d17457ab9a9ae8f00f561c8f817e5a8993f9a521aba3035a
    • Instruction Fuzzy Hash: 05810470D0521CCFDB28DFA5C9487EDBBB2BB89304F20A529D509B72A6DB756985CF00
    • Instruction Fuzzy Hash: AD81F2B4D05209DFDB24DFB9C8446EDBBB2BF89314F20A22AD115B7290DB759A85DF00
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 34c043cbb20f384e95098c3e9ad3e9768598aa1971c80fec980f186771b5e327
    • Instruction ID: ed4426560e6866ca3e11a993b431f99866dd834aee3fdf13a30526d04d008b81
    • Opcode Fuzzy Hash: 34c043cbb20f384e95098c3e9ad3e9768598aa1971c80fec980f186771b5e327
    • Instruction Fuzzy Hash: 3A81F475E0520CCFDB24CF9AC488AADBBF6BF89310F24916AD405AB665D7789845CF04
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5eea256f839a2331d463173e9af2ccdebb93b2de3ef420efd73cc9cb6907616d
    • Instruction ID: 9f99f8861deaf775fd164790f97f29709b9749924333a1e7940a2e376434abba
    • Opcode Fuzzy Hash: 5eea256f839a2331d463173e9af2ccdebb93b2de3ef420efd73cc9cb6907616d
    • Instruction Fuzzy Hash: 0A91E375E05258CFDB29CF69C844B99BBB2BF89300F1481EAD409AB361D7749E85CF11
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8c702c8a96fad5bdd7d937d58f4081c66e6352b07be17a3eea1a4c8eba756dd5
    • Instruction ID: 0f5ccdc7bbe71ba852dede03d24c53642f39af177247921750c57fd137531cf9
    • Opcode Fuzzy Hash: 8c702c8a96fad5bdd7d937d58f4081c66e6352b07be17a3eea1a4c8eba756dd5
    • Instruction Fuzzy Hash: 0C7134B4E0020CCFDB18DF99D8847EDBBB2BB88305F24A0AAC509B7254D7759885CF40
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5b5d56e869706daf8e1531293e045cf1dd137179391c726462d45b8ea1c9053e
    • Instruction ID: 351914891958b00ff6b1712928cf69e84e4ce7276efd35fc00d82da4852d3153
    • Opcode Fuzzy Hash: 5b5d56e869706daf8e1531293e045cf1dd137179391c726462d45b8ea1c9053e
    • Instruction Fuzzy Hash: 5721A7B0C4A30CDBCB14DFA4D4846BDBBBBAF4A314F20A095D40777245DB785B099B04
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b8334d86197328f8efdbbb8474f745840956188b440c309fd34e3ffafa23a922
    • Instruction ID: 6cf6ee457c124d0d36b1b6e8a7d7eb8f621a142ac57e2d028f64039854a76738
    • Opcode Fuzzy Hash: b8334d86197328f8efdbbb8474f745840956188b440c309fd34e3ffafa23a922
    • Instruction Fuzzy Hash: B02142B5D4A20CEBCB14DFA4D5846BDBBBBAF4A314F20A454D00B77645CB789B099B08
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: HandleModule
    • String ID:
    • API String ID: 4139908857-0
    APIs
    • GetClassInfoW.USER32(?,?,?), ref: 07DF2A98
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: ClassInfo
    • String ID:
    • API String ID: 3534257612-0
    APIs
    • CreateActCtxA.KERNEL32(?), ref: 05377CD9
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: Create
    • String ID:
    • API String ID: 2289755597-0
    APIs
    • PostMessageW.USER32(?,?,?,?), ref: 07DF089B
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: MessagePost
    • String ID:
    • API String ID: 410705778-0
    APIs
    • CreateActCtxA.KERNEL32(?), ref: 05377CD9
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: Create
    • String ID:
    • API String ID: 2289755597-0
    APIs
    • SendMessageW.USER32(?,?,?,?), ref: 07DF1E63
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: MessageSend
    • String ID:
    • API String ID: 3850602802-0
    APIs
    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0537F7EB
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0
    APIs
    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0537F7EB
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0
    APIs
    • GetClassInfoW.USER32(?,?,?), ref: 07DF2A98
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: ClassInfo
    • String ID:
    • API String ID: 3534257612-0
    APIs
    • GetClassInfoW.USER32(?,?,?), ref: 07DF2A98
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: ClassInfo
    • String ID:
    • API String ID: 3534257612-0
    APIs
    • LoadLibraryExW.KERNELBASE(?,?,?), ref: 0537D69A
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: LibraryLoad
    • String ID:
    • API String ID: 1029625771-0
    APIs
    • LoadLibraryExW.KERNELBASE(?,?,?), ref: 0537D69A
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: LibraryLoad
    • String ID:
    • API String ID: 1029625771-0
    APIs
    • PostMessageW.USER32(?,?,?,?), ref: 07DF089B
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: MessagePost
    • String ID:
    • API String ID: 410705778-0
    APIs
    • PostMessageW.USER32(?,?,?,?), ref: 07DF089B
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: MessagePost
    • String ID:
    • API String ID: 410705778-0
    APIs
    • GetModuleHandleW.KERNELBASE(?), ref: 0537D38A
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID: HandleModule
    • String ID:
    • API String ID: 4139908857-0
    APIs
    • GetConsoleWindow.KERNELBASE ref: 07DF7090
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: ConsoleWindow
    • String ID:
    • API String ID: 2863861424-0
    APIs
    • GetConsoleWindow.KERNELBASE ref: 07DF7090
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID: ConsoleWindow
    • String ID:
    • API String ID: 2863861424-0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: 3
    • API String ID: 0-1842515611
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: ,
    • API String ID: 0-3772416878
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: /
    • API String ID: 0-2043925204
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: .
    • API String ID: 0-248832578
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: -
    • API String ID: 0-2547889144
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: )
    • API String ID: 0-2427484129
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5fba06a8c7f5ce0a4445e0bc2211f95fb8596e3cc237ab52a96d3b161cc51196
    • Instruction ID: 21328e3b279db4e77e226ee21c145da2c25743fee76c2abd8885341829f8e48f
    • Opcode Fuzzy Hash: 5fba06a8c7f5ce0a4445e0bc2211f95fb8596e3cc237ab52a96d3b161cc51196
    • Instruction Fuzzy Hash: 3A514970E09209CBDF14CFA9D4A47FEFBFAEB4A310F109129D416A7294DB78A9418F51
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 490123f905561926f5d769b62a6ac67bbb319a8b1a2753e960b2c7ccc79b17ee
    • Instruction ID: 311f40ca532981f8367d76c46516b43c0dcb8e5dfdf629b219227d00ff9db2cc
    • Opcode Fuzzy Hash: 490123f905561926f5d769b62a6ac67bbb319a8b1a2753e960b2c7ccc79b17ee
    • Instruction Fuzzy Hash: 52511275E0A208CBDB14CFA9D8446EDFBFAEF49310F14912AD41ABB291DB746841CF15
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: dc8c71a693d2da3fb32e186cc7da70e67115a37207c28179def0588a9a265409
    • Instruction ID: 1aebbf1248b2e5f7aa40c25390e525a9898ff3a0974b8f09f7f4052a05df9151
    • Opcode Fuzzy Hash: dc8c71a693d2da3fb32e186cc7da70e67115a37207c28179def0588a9a265409
    • Instruction Fuzzy Hash: 64510874E08209DFDB48CFA9D4486EDBBF9EB4E310F105225DA1AAB791CB346541CF41
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: db7728327a257cc6c1795f35ef0abb6c80692a22667b472479c4304065093d4f
    • Instruction ID: db45a2711436647969457bba512e5d13ef103f1cca0d5988cb4692d90d2f31dc
    • Opcode Fuzzy Hash: db7728327a257cc6c1795f35ef0abb6c80692a22667b472479c4304065093d4f
    • Instruction Fuzzy Hash: 6F51C674E00618DFCB18DFA9D8849DDBBB2FF89311F108569E915AB3A0DB31A942CF50
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0ff00fbddca21da1325b236d99b653b7acc51006c8a3a29a576e608c5842e43e
    • Instruction ID: 041f62947c1154d47ff84b2cc359122e965a7ab2e0e5a1063dc2928a20539ab5
    • Opcode Fuzzy Hash: 0ff00fbddca21da1325b236d99b653b7acc51006c8a3a29a576e608c5842e43e
    • Instruction Fuzzy Hash: 2551A4B4E01208CFCB45EFA4D5A169EBBB6FF88710F605029D11AAB3A4DB355D05CF90
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0dedf530e9a6eb02be58202a7f710341ae847c0cc9872afc96ead6a78d0c887d
    • Instruction ID: 1e91507a3ea6d2d84ce553c1324950b23dda7d718c8735ccb61fb2874a7ee3a2
    • Opcode Fuzzy Hash: 0dedf530e9a6eb02be58202a7f710341ae847c0cc9872afc96ead6a78d0c887d
    • Instruction Fuzzy Hash: DC31B474E1920DDBCF54DFA8D4906EEFBF9EB0A320F109125D52AE7784DA34A9018F51
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4bc65948b579daf663734cb8217052f805b277516e60b9385aa4e9782d1b0cc6
    • Instruction ID: 06a30d660604e3dea54ccdab6dae71724740b4da7354bffb126cc036277815ab
    • Opcode Fuzzy Hash: 4bc65948b579daf663734cb8217052f805b277516e60b9385aa4e9782d1b0cc6
    • Instruction Fuzzy Hash: 6C315771D092588FCB04DFA9C8502EEBBF6BF8A310F14816AD465BB2A1DB341945CF90
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0732768c47099ee637747a2e4b9188a672ad3764290732f5d3d2b9e18c69cf3c
    • Instruction ID: d1bdf8682fe4961be9ac30040154565365e718e7dbe6e162277ec8c46792bce8
    • Opcode Fuzzy Hash: 0732768c47099ee637747a2e4b9188a672ad3764290732f5d3d2b9e18c69cf3c
    • Instruction Fuzzy Hash: 29213D71D042988FDB19DFA6D9093EDBBF6AF8A300F04D0B6C448AA265DB781945CF11
    Memory Dump Source
    • Source File: 00000000.00000002.2035268912.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_e8d000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 988a2d9cfecea3d3176e8bc48b091472a732f5cf451cad2c901d9bf0734269d9
    • Instruction ID: bca6a087c4f2ff6e7e6b3b2aacda033176c13d81f40c92afa4d77995b667f3a3
    • Opcode Fuzzy Hash: 988a2d9cfecea3d3176e8bc48b091472a732f5cf451cad2c901d9bf0734269d9
    • Instruction Fuzzy Hash: 6D21D3B1508240EFDB05EF14D9C0F26BF65FB98318F24C56AE90D5B296C336D856CBA1
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e59a6dcf6afb648019053dedc95bed6d3ef73961e56abd5b3503b703eb661ffd
    • Instruction ID: 99d19d3f04fda31fc4ebc29864ed8104fbbf950916d46eb3def5e19567e84306
    • Opcode Fuzzy Hash: e59a6dcf6afb648019053dedc95bed6d3ef73961e56abd5b3503b703eb661ffd
    • Instruction Fuzzy Hash: 7A310570E0520DDBCB88DFA8D4487AEBBFAEF4A300F109119D119BB350EB34AA458F51
    Memory Dump Source
    • Source File: 00000000.00000002.2035341861.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ead000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 52c2bbf76378fb8dccb0c2329cb6da7e7101b2d16e4e852452188d708f99577b
    • Instruction ID: 18c9edb5a03a21aaf291b89beea3705166f3018b0b451e5edd8ed9a76418bf23
    • Opcode Fuzzy Hash: 52c2bbf76378fb8dccb0c2329cb6da7e7101b2d16e4e852452188d708f99577b
    • Instruction Fuzzy Hash: 9521F5B1508240DFDB14DF14D9C4B16BBA6EB89318F34C56DD84A5F696C336E807CA61
    Memory Dump Source
    • Source File: 00000000.00000002.2035341861.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ead000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ba0b3ae219a14d985a6adbd6d6a870f2c8763f0617143250f5d3d45653c92b26
    • Instruction ID: 3abc4e47e48df78aa7e86d27448c7f0385bde43a6d46f39d5413eea14cc57e1a
    • Opcode Fuzzy Hash: ba0b3ae219a14d985a6adbd6d6a870f2c8763f0617143250f5d3d45653c92b26
    • Instruction Fuzzy Hash: 8B2107B1508204EFDB05DF54D9C0B25BBA5FB89318F34C56DD80A5F661C336E816CA71
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f9a8c3ab7146cfa4e7bc5b8cea8583afab9745433b5ff6e7fef215c5a708f386
    • Instruction ID: 16cddfb6cdd5dbcec8b17a157848c0ccddc68cefcb4bb484d28a62ac4589db7e
    • Opcode Fuzzy Hash: f9a8c3ab7146cfa4e7bc5b8cea8583afab9745433b5ff6e7fef215c5a708f386
    • Instruction Fuzzy Hash: BB21D8B4E08209CFDB48CFE9D8486EDBBF5AB4E310F109526D92ABA290D7746541CF51
    Memory Dump Source
    • Source File: 00000000.00000002.2035341861.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ead000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fcfbac8a77ebb34a86a919ccab385ee441446a39aac2ee938f0f88e5c6db183d
    • Instruction ID: b6964a8711cf6e036fbb52ba663c6f13ce16491c0b829b6f22f82bab87933e81
    • Opcode Fuzzy Hash: fcfbac8a77ebb34a86a919ccab385ee441446a39aac2ee938f0f88e5c6db183d
    • Instruction Fuzzy Hash: E32141755093808FDB12CF24D9D4715BF72EB46214F28C5DAD8498F6A7C33A980ACB62
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 66bd57609bc48499d3e47074d1c31395562317305db32ae6dd2f4aa3fee1157f
    • Instruction ID: 34a37fef76dba1d4d1227cf4d0a5ee2762ec2afee2f21252da424e35e85a8ef1
    • Opcode Fuzzy Hash: 66bd57609bc48499d3e47074d1c31395562317305db32ae6dd2f4aa3fee1157f
    • Instruction Fuzzy Hash: BC213E75D0D3849FCB06CBB5C8A549CBFB1AF4B200B0944EBD085EB2A3D6341805CF21
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 599af61feb1f5b1fcf37a7d59694393c7bbe42898b59e89679cb1da5584557c3
    • Instruction ID: 1ac8e5de908dd212c176d7dea54c5673c8751d872a432bb6ab972db15de607e1
    • Opcode Fuzzy Hash: 599af61feb1f5b1fcf37a7d59694393c7bbe42898b59e89679cb1da5584557c3
    • Instruction Fuzzy Hash: D311D775E052188BDB18DFAAD8445EDFBF6BF89300F20922AD419BB365DB741845CF50
    Memory Dump Source
    • Source File: 00000000.00000002.2035268912.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_e8d000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
    • Instruction ID: 713acc246300972f8c8d29ae520a8f4bf71045be0021251e9a2ba48fb680969c
    • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
    • Instruction Fuzzy Hash: 00112672404280CFCB02DF10D9C4B16BF71FB94328F24C6AAD84D0B656C336D85ACBA1
    Memory Dump Source
    • Source File: 00000000.00000002.2035341861.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ead000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
    • Instruction ID: d42ded4d58f3cb03285ad2e3b85e69c66d81b6c5d0821ffc246cfb299d8e095c
    • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
    • Instruction Fuzzy Hash: C311BE75508240DFCB01CF50D9C4B15BB61FB89318F24C6A9D84A4F666C33AE81ACB61
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6d01d956bf50eecfc8dd5654350bc6ea20cc0bfab1a26d01263454c42fed163a
    • Instruction ID: ff44ff603d386c887550272af11564d6bdd48f12b453ddae72a4f0791178de4f
    • Opcode Fuzzy Hash: 6d01d956bf50eecfc8dd5654350bc6ea20cc0bfab1a26d01263454c42fed163a
    • Instruction Fuzzy Hash: 7A11D3B4E05288CFCF04DFE4C9645ACFBB6EF49310F2480AAC81AAB655DB359906CF51
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d56bd7a724da9433fa43e1341e9f961b8014595b0592d4c156e43fd4bfda1d9d
    • Instruction ID: c566abbf185d995f190fd7f9485e596a1e06321d14bb17a1c9c62564a3ed18ec
    • Opcode Fuzzy Hash: d56bd7a724da9433fa43e1341e9f961b8014595b0592d4c156e43fd4bfda1d9d
    • Instruction Fuzzy Hash: 3A116978E0424C8FCB54DFA8D4846EDBBF5EB48320F24512AD41AEB251E634A9418F10
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2ab370e40699d216d8852983814781d2a29536be291b9023b9a5d508a57e5a43
    • Instruction ID: 596fbb769d1d8c07f5c5d093e389dd5be9a56adf2fbffc7f1fb82aef3d0de333
    • Opcode Fuzzy Hash: 2ab370e40699d216d8852983814781d2a29536be291b9023b9a5d508a57e5a43
    • Instruction Fuzzy Hash: 0411F6B4E05288DFCB14EFA4C8645ADFFB2FF45300F2480AAC45AAB795DA358906CF11
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bbec4924f948e73697b8f55027ecfb6f2d4eda3e590dbcaeb7b46b51ebc10d14
    • Instruction ID: 19f9ab7456febf88c91fc97b06a37938ccebfac530ea8068e4d9bcbf5f429f1e
    • Opcode Fuzzy Hash: bbec4924f948e73697b8f55027ecfb6f2d4eda3e590dbcaeb7b46b51ebc10d14
    • Instruction Fuzzy Hash: 8221C774A012598FDB60EF68C990B9EBBB2FB48310F1485DAD51DAB395DB34AD808F50
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 79095d72836aa5288b6ca8f3e9cc90799d7a1528c4deca3a45b6232b7d57dc8b
    • Instruction ID: ffe604d166478bbce343de3f3c50ee22c11d06d8036197b100d0197cb0993b76
    • Opcode Fuzzy Hash: 79095d72836aa5288b6ca8f3e9cc90799d7a1528c4deca3a45b6232b7d57dc8b
    • Instruction Fuzzy Hash: 4111E574E00248DFCB59EFE4D4555ACBBB6FF48310F148129E81AAB350DB346942CF40
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 91e382c7bf63c3fb4dd5257f1cc4295919da08951a2c9daa41a18b6dd3774255
    • Instruction ID: 0b3339e194e56c4f3fc9ffa1fac889a8147675b61421b8d670ff815d03a69298
    • Opcode Fuzzy Hash: 91e382c7bf63c3fb4dd5257f1cc4295919da08951a2c9daa41a18b6dd3774255
    • Instruction Fuzzy Hash: 6911D674E05288DFCB55EFE4D8585ACBBB2FF49310F24816AE416AB3A1DB385902CF40
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 704c8d29fb8044e0691f988906d393dfa755b84f638a2a84f4a8f820dcf0f808
    • Instruction ID: 2fb0f62ba77fab572e78aab9aa50c9d71eb40722003786fcc6f4161223ebfbd8
    • Opcode Fuzzy Hash: 704c8d29fb8044e0691f988906d393dfa755b84f638a2a84f4a8f820dcf0f808
    • Instruction Fuzzy Hash: 6FF03A70A4B509CBCB18DFA4E1483FDBBFDEB49710F102029C20A6F652D6342A568B55
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 65fc75d2da921a0a67cf22c36b5b8053c6b609022987c5d274edf8bc53f1b1f6
    • Instruction ID: 28c55002a67ec180795a003eeb1f1ea22dfcd316172735615b1aed467c191f04
    • Opcode Fuzzy Hash: 65fc75d2da921a0a67cf22c36b5b8053c6b609022987c5d274edf8bc53f1b1f6
    • Instruction Fuzzy Hash: 94016D708093899FCB02EBA094686A8FFB5AB06305F0484DAD8C1632A2D3785544CF22
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a8c33a5fd6aa39b7790503155d71c4c9415faf42bb37a58c93ded86ae8bc4d89
    • Instruction ID: f7db0380f46b24defb42d79b34ba13952400b9467df551454ad3a241f595f039
    • Opcode Fuzzy Hash: a8c33a5fd6aa39b7790503155d71c4c9415faf42bb37a58c93ded86ae8bc4d89
    • Instruction Fuzzy Hash: BFF0F4B0C09248DBDF14EFA690583ADFBF5FB05315F0081AAD89662250E7BC9684CF55
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1cf90fe385f22275ffa7806d92c172ad3099b93ea154d34c14154583cd1046f7
    • Instruction ID: da0631fbd72f5231ac8930f9d00681861c768c9f1f50ddecaeec9aa6fd003880
    • Opcode Fuzzy Hash: 1cf90fe385f22275ffa7806d92c172ad3099b93ea154d34c14154583cd1046f7
    • Instruction Fuzzy Hash: 490192B4E012988BCB65EB64C95579DBBB6EB88700F1048E9C10E77394DBB59E80CF40
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c86548a7aa3fa6a51cd91dc1fd0b33776d8a0d2093894c33679cbc4acbe6611b
    • Instruction ID: 00656cc94f0c6114c4006c88d255944f9ff3f2d655e1e7281d1fc0e2033695a9
    • Opcode Fuzzy Hash: c86548a7aa3fa6a51cd91dc1fd0b33776d8a0d2093894c33679cbc4acbe6611b
    • Instruction Fuzzy Hash: 5401DAB49006988FC754EF64CD5079A77B6EB44B0AF1048E8D00976390DB755E848F40
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ac09ef1a83c3a772ad9de10f92eb02586a3caffdb99a60225ef049be990da208
    • Instruction ID: 16f2c2ca814967d78283a5aa57e20af729b3a8296c3390be140107fd600b909c
    • Opcode Fuzzy Hash: ac09ef1a83c3a772ad9de10f92eb02586a3caffdb99a60225ef049be990da208
    • Instruction Fuzzy Hash: D2F0F930C14619CECB10EF68C9555DCF775FF5A300F108699C5993B120EB71A685CF81
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a7e948e638916d4bcea725fe06efa701952a30bfedcd162f8b1f67f177638437
    • Instruction ID: 128b7f9885e40e6ad8e1f99d232790484d8165a4060ffe85d4d6136435214ee0
    • Opcode Fuzzy Hash: a7e948e638916d4bcea725fe06efa701952a30bfedcd162f8b1f67f177638437
    • Instruction Fuzzy Hash: DEE0E574F043188BDB64EB68C894B9DBA76EF89200F4090A98909A7381CE341E819F22
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4327625a50559ffa0abb1b94b580682039361ff88a0a54205eef32a7b659dbb8
    • Instruction ID: 305b1bbc93d80b08a7144a285f26c0cb8ce61b28166d10a990cf57423e52f8f7
    • Opcode Fuzzy Hash: 4327625a50559ffa0abb1b94b580682039361ff88a0a54205eef32a7b659dbb8
    • Instruction Fuzzy Hash: 2EE0E27494D208CECB24DF64C5487ACBBBAAF0A204F2024A9C14A6E642C3715984DF11
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: D@$Tecq$XXcq$XXcq$XXcq$XXcq$$cq$$cq$$cq
    • API String ID: 0-1345857069
    • Opcode ID: e4f746fbdf1b9df27fb3a6553fa5face317d469708516c05ddb17a91860cfa5c
    • Instruction ID: 8379d21b2eefb0346c8d1e3197f1ecedd5d31cff66fd9b75804eb92dab53a5ce
    • Opcode Fuzzy Hash: e4f746fbdf1b9df27fb3a6553fa5face317d469708516c05ddb17a91860cfa5c
    • Instruction Fuzzy Hash: 5812B074E0521CCFDB24DFA9C884BEDBBB2BB89304F20A1AAD509B7255DB745985CF10
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 4$4$4$4$4$4$$cq$$cq
    • API String ID: 0-517616307
    • Opcode ID: 31cc093d794bf9943a7c054657e45a165119f01324c385186c0a9e0fc2e20fa3
    • Instruction ID: 478916098ecd17a6ef8eecb23e21d08e6ff705ac27e16ecd245c01140d7cf50b
    • Opcode Fuzzy Hash: 31cc093d794bf9943a7c054657e45a165119f01324c385186c0a9e0fc2e20fa3
    • Instruction Fuzzy Hash: D562D175A00218DFDB15DFA4C944F99BBB2FF88304F1580E9E609AB272DB329991DF50
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID:
    • String ID: Hgq$Hgq$Hgq$Hgq$Hgq
    • API String ID: 0-2022333140
    • Opcode ID: 2b2ebcd66180a0434190302fcdc76cddc89d403db4b6efbca014ca5644a71d42
    • Instruction ID: 6866d2c6675f54d3d3fca0a1bf3774e1611841a61bb9f28bc6b8f854305be389
    • Opcode Fuzzy Hash: 2b2ebcd66180a0434190302fcdc76cddc89d403db4b6efbca014ca5644a71d42
    • Instruction Fuzzy Hash: E2428EB0E00218DFDB54DFA8C8917AEBBF2BF88300F158169D509AB395DB359D85CB91
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID:
    • String ID: Nvbq$TJhq
    • API String ID: 0-3241438886
    • Opcode ID: 45309d21f4d6a0d82ac892fe6db0a914073b0bf587e21867f01659f35912a398
    • Instruction ID: c6757716e7f1503d25a1764910c0e5282735236ad26f1f305486c808def68f0a
    • Opcode Fuzzy Hash: 45309d21f4d6a0d82ac892fe6db0a914073b0bf587e21867f01659f35912a398
    • Instruction Fuzzy Hash: AAE14874E146098FCB14CFA9C8919ADBBF6FF88300B64D5A9E81AEB355D734A941CF40
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 8hq$Tecq
    • API String ID: 0-1130942621
    • Opcode ID: 2eab4b303a4d3095da4e9781a91d2e0cec544e4a73bc6d6e53d08520e0874fcb
    • Instruction ID: 42d8b37ceebc1662c0778a264c486f604540f3e7893ece00eb68c4d9484dd19c
    • Opcode Fuzzy Hash: 2eab4b303a4d3095da4e9781a91d2e0cec544e4a73bc6d6e53d08520e0874fcb
    • Instruction Fuzzy Hash: A3B1EFB4E15208CFDB04CFA9D884AEDFBF6BF89310F259029D50AAB365D734A945CB50
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038712823.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5340000_file.jbxd
    Similarity
    • API ID:
    • String ID: 4|hq
    • API String ID: 0-2311094747
    • Opcode ID: 10a40146f34fa9885220d96f187c054716c06f0fc16b003216d546cbe66308d9
    • Instruction ID: 7ddb1b8d6710b40f65066d5ff32d8163afff14f566623a9cca91c25dd38cc361
    • Opcode Fuzzy Hash: 10a40146f34fa9885220d96f187c054716c06f0fc16b003216d546cbe66308d9
    • Instruction Fuzzy Hash: 0672A1B4E012288FDB68DF68CC94BEDB7B6AB89310F5481EA950DA7351DB745E80CF50
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2038812257.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_5370000_file.jbxd
    Similarity
    • API ID:
    • String ID: TJhq
    • API String ID: 0-2449534970
    • Opcode ID: 62cec16bfda366f5125556f5c353d0cafe8c2e9dc7e97e0e97e20c9bdc51fc11
    • Instruction ID: 5f88b7046bb8e2bcdafb6947341645d9d83fc92ccdcd21b7ff5e78e874050a07
    • Opcode Fuzzy Hash: 62cec16bfda366f5125556f5c353d0cafe8c2e9dc7e97e0e97e20c9bdc51fc11
    • Instruction Fuzzy Hash: 8D718F74E14A0D8FCB14CFA9C8959AEBBF6FF89300B5495A6D41AEB364D734A901CF40
    Memory Dump Source
    • Source File: 00000000.00000002.2041277864.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7df0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a76d67b003fd43fb7c7f2afe8e829cb91dfb08a3d6037f9448782216ed48f501
    • Instruction ID: ba9505a6c65cf6d0c5bccd82437315959d72d1167544ae868516aada0b849694
    • Opcode Fuzzy Hash: a76d67b003fd43fb7c7f2afe8e829cb91dfb08a3d6037f9448782216ed48f501
    • Instruction Fuzzy Hash: AFD1ADB0B006498FDB25EB79C4647AEB7F6AF89700F15446DD245CB290CF39E941CB62
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f074afdfd89b5d53cd01ee3e4ff749972b858652f0bcc8a474114a854732762b
    • Instruction ID: 0695f09b6019e85f9e8b0858f6100da5ac2373fbb4ee6950b9b9c9ceaa1eaedf
    • Opcode Fuzzy Hash: f074afdfd89b5d53cd01ee3e4ff749972b858652f0bcc8a474114a854732762b
    • Instruction Fuzzy Hash: 39F1F4B4D0121CCFDB24CFA9C8847ADBBB2BF89304F28A1A9D509BB255D7745985CF42
    Memory Dump Source
    • Source File: 00000000.00000002.2035534905.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
    Similarity