Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FONDOS.zip

Overview

General Information

Sample name:FONDOS.zip
Analysis ID:1542231
MD5:74aa14fc281c8e2224ca47400e03bd15
SHA1:5862c8e09652d8d2dc47eaa0dcd4660d31fc1f65
SHA256:cfc296d3f6d635dc77a90109365e858d256b987000f070023c4d56e0fa971ec5
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 1688 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • DIMSA.Principal.exe (PID: 6700 cmdline: "C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe" MD5: AE10FEAD9EA60885A54156F1B4F4D127)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdb source: FONDOS.zip, bin.zip
Source: Binary string: Vbin/DIMSA.Modulos.Auditoria.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdbPK source: bin.zip
Source: Binary string: hbin/DIMSA.Modulos.Bancos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Componentes\Windows\FormasBase\obj\Debug\DIMSA.Componentes.FormasBase.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2552343143.0000000005FBE000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: bin/DIMSA.Negocios.General.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Principal.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.LibroAccionistas.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Datos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdbPK source: bin.zip
Source: Binary string: +bin/DIMSA.Modulos.PasivaFondosInversion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Datos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Servicios\Datos\obj\Debug\DIMSA.Servicios.Datos.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2559020880.0000000008CDC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Datos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdb source: FONDOS.zip, bin.zip
Source: Binary string: &bin/DIMSA.Componentes.Controles_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: $bin/DIMSA.Componentes.FormasBase.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Negocios\Negocios\obj\Debug\DIMSA.Negocios.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2552556572.00000000063B2000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: bin/DIMSA.Servicios.Datos.pdbPK source: bin.zip
Source: Binary string: #bin/DIMSA.Componentes.Controles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdbPK source: bin.zip
Source: Binary string: W%bin/DIMSA.Datos.pdbPK source: bin.zip
Source: Binary string: &bin/DIMSA.Modulos.LibroAccionistas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.LibroAccionistas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: "bin/DIMSA.Modulos.Inmobiliario.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdbPK source: bin.zip
Source: Binary string: "bin/DIMSA.Modulos.Contabilidad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Datos\obj\Debug\DIMSA.Datos.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2554012082.0000000006BC2000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Servicios\Utiles\obj\Debug\DIMSA.Servicios.Utiles.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2553607236.0000000006762000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: Qbin/DIMSA.InterfacesBCT.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.PasivaFondosInversion.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Inmobiliario.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Principal.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Componentes\Windows\Controles\obj\Debug\DIMSA.Componentes.Controles.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2556906329.000000000763A000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdbPK source: bin.zip
Source: Binary string: 'bin/DIMSA.Componentes.FormasBase_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdbPK source: bin.zip
Source: Binary string: * bin/DIMSA.Modulos.Portafolio.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.PasivaFondosInversion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.General.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Windows\Principal\obj\Debug\DIMSA.Principal.pdb source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdbPK source: bin.zip
Source: Binary string: bin/Calculadora.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/Calculadora.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Inmobiliario.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdbPK source: bin.zip
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\FONDOS\Jump to behavior
Source: DIMSA.Principal.exe, 0000000D.00000002.2550212591.0000000003B91000.00000004.00000800.00020000.00000000.sdmp, DIMSA.Principal.exe, 0000000D.00000002.2550212591.0000000003C6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.8.5.61/ServicioWebBCT/BCTService.svc
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ServicioWebBCT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ActualizaClienteBursatilResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ActualizaClienteBursatilT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/BaseDatosDimsaDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/BaseDatosDimsaDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/BaseDatosSGCDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/BaseDatosSGCDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/BaseDatosVALCUSTODIASDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/BaseDatosVALCUSTODIASDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaCuentaResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaCuentaT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaDocumentoInversionResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaDocumentoInversionT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaEstadoCuentaCustodioResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaEstadoCuentaCustodioT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaEstadoCuentaPuestoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaEstadoCuentaPuestoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaFondosPorClienteResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaFondosPorClienteT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaFondosPorCuentaResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaFondosPorCuentaT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaFondosResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaFondosT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaInversionesResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaInversionesT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaLiquidacionesResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaLiquidacionesT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMargenesResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMargenesT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMonedaFondoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMonedaFondoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosEfectivoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosEfectivoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosFondosResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosFondosT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosMonexResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosMonexT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosValoresSalidasResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaMovimientosValoresSalidasT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaPersonaResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaPersonaT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaRecomprasResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaRecomprasT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaSaldoClienteFondosResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaSaldoClienteFondosT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaSaldoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaSaldoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaTipoCambioResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaTipoCambioT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaVencimientosResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultaVencimientosT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultasSaldosValoresResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ConsultasSaldosValoresT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/EnvioAsientoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/EnvioAsientoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/EnvioEmailResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/EnvioEmailT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/EnvioOCResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/EnvioOCT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneCodigoCustodiaEnPuestoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneCodigoCustodiaEnPuestoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEjecutivoFondoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEjecutivoFondoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEmisionResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEmisionT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEmisionesHoyResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEmisionesHoyT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEmisionesPorFechaResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ObtieneEmisionesPorFechaT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ProcesaSolInversionResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ProcesaSolInversionT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ProcesaSolLiquidacionResponsew
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ProcesaSolLiquidacionT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/RegistrarCambiarioResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/RegistrarCambiarioT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/RegistrarComisionBursatilResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/RegistrarComisionBursatilT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioBolsaDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioBolsaDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioPELgxDisponibleResponseq
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioPELgxDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioSAPDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioSAPDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioSGCDisponibleResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/ServicioSGCDisponibleT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/SincronizaRecordKeeperResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/SincronizaRecordKeeperT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/SolicitudMovimientoResponse
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/SolicitudMovimientoT
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/SolicitudMovimientoV2Response
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/IBCTService/SolicitudMovimientoV2T
Source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://tempuri.org/T
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeCode function: 13_2_090E979013_2_090E9790
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeCode function: 13_2_090E2BB013_2_090E2BB0
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeCode function: 13_2_090E67B113_2_090E67B1
Source: classification engineClassification label: clean4.winZIP@2/0@0/0
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeMutant created: NULL
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe "C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe"
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: security.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSection loaded: rasadhlp.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
Source: FONDOS.zipStatic file information: File size 33032528 > 1048576
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdb source: FONDOS.zip, bin.zip
Source: Binary string: Vbin/DIMSA.Modulos.Auditoria.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdbPK source: bin.zip
Source: Binary string: hbin/DIMSA.Modulos.Bancos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Componentes\Windows\FormasBase\obj\Debug\DIMSA.Componentes.FormasBase.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2552343143.0000000005FBE000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: bin/DIMSA.Negocios.General.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Principal.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.LibroAccionistas.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Datos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdbPK source: bin.zip
Source: Binary string: +bin/DIMSA.Modulos.PasivaFondosInversion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Datos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Servicios\Datos\obj\Debug\DIMSA.Servicios.Datos.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2559020880.0000000008CDC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Datos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdb source: FONDOS.zip, bin.zip
Source: Binary string: &bin/DIMSA.Componentes.Controles_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: $bin/DIMSA.Componentes.FormasBase.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Negocios\Negocios\obj\Debug\DIMSA.Negocios.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2552556572.00000000063B2000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: bin/DIMSA.Servicios.Datos.pdbPK source: bin.zip
Source: Binary string: #bin/DIMSA.Componentes.Controles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdbPK source: bin.zip
Source: Binary string: W%bin/DIMSA.Datos.pdbPK source: bin.zip
Source: Binary string: &bin/DIMSA.Modulos.LibroAccionistas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.LibroAccionistas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: "bin/DIMSA.Modulos.Inmobiliario.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdbPK source: bin.zip
Source: Binary string: "bin/DIMSA.Modulos.Contabilidad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Datos\obj\Debug\DIMSA.Datos.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2554012082.0000000006BC2000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Servicios\Utiles\obj\Debug\DIMSA.Servicios.Utiles.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2553607236.0000000006762000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: Qbin/DIMSA.InterfacesBCT.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.PasivaFondosInversion.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Inmobiliario.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Principal.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Componentes\Windows\Controles\obj\Debug\DIMSA.Componentes.Controles.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2556906329.000000000763A000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdbPK source: bin.zip
Source: Binary string: 'bin/DIMSA.Componentes.FormasBase_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdbPK source: bin.zip
Source: Binary string: * bin/DIMSA.Modulos.Portafolio.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.PasivaFondosInversion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.General.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Windows\Principal\obj\Debug\DIMSA.Principal.pdb source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdbPK source: bin.zip
Source: Binary string: bin/Calculadora.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/Calculadora.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Inmobiliario.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdbPK source: bin.zip
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeMemory allocated: 1A10000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeMemory allocated: 3B90000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeMemory allocated: 1F60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeThread delayed: delay time: 240000Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeWindow / User API: threadDelayed 529Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976Thread sleep time: -240000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976Thread sleep time: -15870000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSystem information queried: CurrentTimeZoneInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeSystem information queried: CurrentTimeZoneInformationJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeThread delayed: delay time: 240000Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeFile opened: C:\Users\user\Desktop\FONDOS\FONDOS\Jump to behavior
Source: DIMSA.Principal.exe, 0000000D.00000002.2559975933.000000000A38A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
Source: DIMSA.Principal.exe, 0000000D.00000002.2559975933.000000000A360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW>
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Componentes.FormasBase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Componentes.FormasBase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Negocios.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Negocios.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Datos.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Datos.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Servicios.Utiles.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Servicios.Utiles.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Componentes.Controles.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Componentes.Controles.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Servicios.Datos.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Servicios.Datos.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Oracle.DataAccess.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Oracle.DataAccess.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Sybase.Data.AseClient.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Sybase.Data.AseClient.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Rundll32		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory1
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)32
Virtualization/Sandbox Evasion		Security Account Manager32
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1542231 Sample: FONDOS.zip Startdate: 25/10/2024 Architecture: WINDOWS Score: 4 4 DIMSA.Principal.exe 4 2->4         started        6 rundll32.exe 2->6         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.fontbureau.com/designers0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.fontbureau.com/designers/frere-jones.html0%URL Reputationsafe
http://www.fontbureau.com/designersG0%URL Reputationsafe
http://www.fontbureau.com/designers/?0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.fontbureau.com/designers?0%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://www.typography.netD0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://www.fonts.com0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.fontbureau.com0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://tempuri.org/IBCTService/ConsultaPersonaResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
    		unknown
    http://tempuri.org/IBCTService/ConsultaSaldoClienteFondosTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
      		unknown
      http://tempuri.org/IBCTService/ServicioSGCDisponibleTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
        		unknown
        http://schemas.datacontract.org/2004/07/ServicioWebBCTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
          		unknown
          http://tempuri.org/IBCTService/ConsultaPersonaTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
            		unknown
            http://tempuri.org/IBCTService/EnvioAsientoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
              		unknown
              http://tempuri.org/IBCTService/ConsultaEstadoCuentaCustodioResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                		unknown
                http://tempuri.org/IBCTService/ConsultaInversionesResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                  		unknown
                  http://tempuri.org/IBCTService/ConsultaTipoCambioResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                    		unknown
                    http://1.8.5.61/ServicioWebBCT/BCTService.svcDIMSA.Principal.exe, 0000000D.00000002.2550212591.0000000003B91000.00000004.00000800.00020000.00000000.sdmp, DIMSA.Principal.exe, 0000000D.00000002.2550212591.0000000003C6B000.00000004.00000800.00020000.00000000.sdmpfalse
                      		unknown
                      http://www.fontbureau.com/designersDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/IBCTService/ConsultaMovimientosMonexTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                        		unknown
                        http://tempuri.org/IBCTService/ConsultaRecomprasResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                          		unknown
                          http://tempuri.org/IBCTService/ConsultaFondosPorClienteResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                            		unknown
                            http://tempuri.org/IBCTService/SincronizaRecordKeeperTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                              		unknown
                              http://tempuri.org/IBCTService/ObtieneEmisionesHoyTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                		unknown
                                http://tempuri.org/IBCTService/ConsultaMovimientosEfectivoResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                  		unknown
                                  http://www.sajatypeworks.comDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cn/cTheDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/IBCTService/ConsultaCuentaResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                    		unknown
                                    http://tempuri.org/IBCTService/ObtieneEmisionesPorFechaResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                      		unknown
                                      http://tempuri.org/IBCTService/ProcesaSolLiquidacionResponsewDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                        		unknown
                                        http://tempuri.org/IBCTService/ConsultaVencimientosTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                          		unknown
                                          http://www.galapagosdesign.com/DPleaseDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/IBCTService/EnvioAsientoResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                            		unknown
                                            http://tempuri.org/IBCTService/RegistrarCambiarioResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                              		unknown
                                              http://www.urwpp.deDPleaseDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://tempuri.org/IBCTService/SolicitudMovimientoResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                		unknown
                                                http://www.zhongyicts.com.cnDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://tempuri.org/IBCTService/ConsultaMovimientosMonexResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                  		unknown
                                                  http://tempuri.org/IBCTService/ServicioBolsaDisponibleResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                    		unknown
                                                    http://tempuri.org/IBCTService/ObtieneEmisionTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                      		unknown
                                                      http://tempuri.org/IBCTService/ConsultaMovimientosEfectivoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                        		unknown
                                                        http://tempuri.org/IBCTService/EnvioEmailResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                          		unknown
                                                          http://tempuri.org/IBCTService/SolicitudMovimientoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                            		unknown
                                                            http://tempuri.org/IBCTService/ConsultaFondosTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                              		unknown
                                                              http://tempuri.org/IBCTService/ConsultaMargenesResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                		unknown
                                                                http://tempuri.org/IBCTService/ConsultaRecomprasTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                  		unknown
                                                                  http://tempuri.org/IBCTService/EnvioOCTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                    		unknown
                                                                    http://tempuri.org/IBCTService/ConsultaMovimientosValoresSalidasTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                      		unknown
                                                                      http://tempuri.org/IBCTService/ServicioDisponibleResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                        		unknown
                                                                        http://tempuri.org/IBCTService/ConsultaMonedaFondoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                          		unknown
                                                                          http://tempuri.org/IBCTService/ActualizaClienteBursatilResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                            		unknown
                                                                            http://tempuri.org/IBCTService/EnvioEmailTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                              		unknown
                                                                              http://tempuri.org/IBCTService/ProcesaSolLiquidacionTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                		unknown
                                                                                http://tempuri.org/IBCTService/ConsultaSaldoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                  		unknown
                                                                                  http://www.carterandcone.comlDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://tempuri.org/IBCTService/SolicitudMovimientoV2TDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                    		unknown
                                                                                    http://tempuri.org/IBCTService/ObtieneCodigoCustodiaEnPuestoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                      		unknown
                                                                                      http://www.fontbureau.com/designers/frere-jones.htmlDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://tempuri.org/IBCTService/ConsultaEstadoCuentaPuestoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                        		unknown
                                                                                        http://tempuri.org/IBCTService/ConsultaMovimientosFondosResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                          		unknown
                                                                                          http://tempuri.org/IBCTService/ConsultaDocumentoInversionResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                            		unknown
                                                                                            http://tempuri.org/IBCTService/SincronizaRecordKeeperResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                              		unknown
                                                                                              http://tempuri.org/IBCTService/ConsultaDocumentoInversionTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                		unknown
                                                                                                http://tempuri.org/IBCTService/ObtieneEmisionesHoyResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://tempuri.org/IBCTService/BaseDatosSGCDisponibleResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                    		unknown
                                                                                                    http://tempuri.org/IBCTService/SolicitudMovimientoV2ResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://tempuri.org/IBCTService/RegistrarComisionBursatilTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://tempuri.org/IBCTService/ServicioBolsaDisponibleTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                          		unknown
                                                                                                          http://tempuri.org/IBCTService/ConsultaLiquidacionesTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://tempuri.org/IBCTService/ServicioSAPDisponibleResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://tempuri.org/IBCTService/ServicioPELgxDisponibleResponseqDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://tempuri.org/IBCTService/BaseDatosVALCUSTODIASDisponibleResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://tempuri.org/IBCTService/ConsultaFondosPorCuentaTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/IBCTService/ConsultaSaldoResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/IBCTService/BaseDatosSGCDisponibleTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        http://tempuri.org/IBCTService/ServicioDisponibleTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://www.fontbureau.com/designersGDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://tempuri.org/IBCTService/ConsultaEstadoCuentaCustodioTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/IBCTService/ObtieneEjecutivoFondoResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://www.fontbureau.com/designers/?DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://www.founder.com.cn/cn/bTheDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://tempuri.org/IBCTService/ConsultaFondosPorCuentaResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://www.fontbureau.com/designers?DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                http://www.tiro.comDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                http://www.goodfont.co.krDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                http://tempuri.org/IBCTService/BaseDatosVALCUSTODIASDisponibleTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  http://tempuri.org/IBCTService/EnvioOCResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    http://tempuri.org/IBCTService/ConsultaCuentaTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://tempuri.org/IBCTService/ConsultaVencimientosResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        http://www.typography.netDDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        http://tempuri.org/IBCTService/ServicioPELgxDisponibleTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          http://www.galapagosdesign.com/staff/dennis.htmDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown
                                                                                                                                          http://fontfabrik.comDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            http://tempuri.org/IBCTService/ActualizaClienteBursatilTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              http://tempuri.org/IBCTService/ProcesaSolInversionResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://tempuri.org/IBCTService/RegistrarComisionBursatilResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  http://tempuri.org/IBCTService/ObtieneEjecutivoFondoTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    http://tempuri.org/IBCTService/ObtieneCodigoCustodiaEnPuestoResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      http://tempuri.org/IBCTService/ConsultaFondosPorClienteTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.fonts.comDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.sandoll.co.krDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.sakkal.comDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        http://tempuri.org/IBCTService/ConsultaMovimientosValoresSalidasResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://tempuri.org/IBCTService/ConsultaLiquidacionesResponseDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            http://www.apache.org/licenses/LICENSE-2.0DIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              http://www.fontbureau.comDIMSA.Principal.exe, 0000000D.00000002.2557446549.00000000087C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              		unknown
                                                                                                                                                              http://tempuri.org/IBCTService/ProcesaSolInversionTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://tempuri.org/IBCTService/ConsultaMargenesTDIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                  		unknown

                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                  No contacted IP infos

                                                                                                                                                                  General Information

                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                  Analysis ID:1542231
                                                                                                                                                                  Start date and time:2024-10-25 17:14:28 +02:00
                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                  Overall analysis duration:0h 5m 15s
                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                  Report type:full
                                                                                                                                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                  Number of analysed new started processes analysed:16
                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                  Technologies:
                                                                                                                                                                  • HCA enabled
                                                                                                                                                                  • EGA enabled
                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                  Sample name:FONDOS.zip
                                                                                                                                                                  Detection:CLEAN
                                                                                                                                                                  Classification:clean4.winZIP@2/0@0/0
                                                                                                                                                                  EGA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  HCA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  • Number of executed functions: 135
                                                                                                                                                                  • Number of non-executed functions: 1
                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                  • Found application associated with file extension: .zip

                                                                                                                                                                  Warnings

                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 184.28.90.27
                                                                                                                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                  • VT rate limit hit for: FONDOS.zip

                                                                                                                                                                  Simulations

                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                  11:16:05API Interceptor971x Sleep call for process: DIMSA.Principal.exe modified

                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                  IPs

                                                                                                                                                                  No context

                                                                                                                                                                  Domains

                                                                                                                                                                  No context

                                                                                                                                                                  ASNs

                                                                                                                                                                  No context

                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                  No context

                                                                                                                                                                  Dropped Files

                                                                                                                                                                  No context

                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                  No created / dropped files found

                                                                                                                                                                  Static File Info

                                                                                                                                                                  General

                                                                                                                                                                  File type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                  Entropy (8bit):7.989832960014782
                                                                                                                                                                  TrID:
                                                                                                                                                                  • ZIP compressed archive (8000/1) 100.00%
                                                                                                                                                                  File name:FONDOS.zip
                                                                                                                                                                  File size:33'032'528 bytes
                                                                                                                                                                  MD5:74aa14fc281c8e2224ca47400e03bd15
                                                                                                                                                                  SHA1:5862c8e09652d8d2dc47eaa0dcd4660d31fc1f65
                                                                                                                                                                  SHA256:cfc296d3f6d635dc77a90109365e858d256b987000f070023c4d56e0fa971ec5
                                                                                                                                                                  SHA512:aa65cf04875a99ecf3868c5a44490d616fb259a424f1dae857eea477f3d420c7566b2db8ecb30e968ca6e18fccc908f5c4ba64bf3754fe37a4972af0f30b599b
                                                                                                                                                                  SSDEEP:786432:z0LGGqVz2U4qkfvjRLtpLWxpP0xPV02CxlkeFKJGfZDw:zC8yUxGlLWyPV02ylfZ0
                                                                                                                                                                  TLSH:4877338B4902EB0DB893A210B369191D626E651B58D8DEE377630F2EC79FF94F27104D
                                                                                                                                                                  File Content Preview:PK.........sYY................FONDOS/bin.zipPK.........mVY.n.7....."......bin/AxInterop.AcroPDFLib.dll.Y{p.....$..166..`.R........`acp1.E.<...t./.t......m ..'...yA..y.iB.%S:i..$M&..d.B&.v...I..8.....d......v..}..o.........U.o%..9..?O.......v.).x......yFh~

                                                                                                                                                                  File Icon

                                                                                                                                                                  Icon Hash:1c1c1e4e4ececedc

                                                                                                                                                                  Network Behavior

                                                                                                                                                                  No network behavior found

                                                                                                                                                                  Statistics

                                                                                                                                                                  CPU Usage

                                                                                                                                                                  Click to jump to process

                                                                                                                                                                  Memory Usage

                                                                                                                                                                  Click to jump to process

                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                  Behavior

                                                                                                                                                                  Click to jump to process

                                                                                                                                                                  System Behavior

                                                                                                                                                                  General

                                                                                                                                                                  Target ID:0
                                                                                                                                                                  Start time:11:15:00
                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                  Imagebase:0x7ff714dc0000
                                                                                                                                                                  File size:71'680 bytes
                                                                                                                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  General

                                                                                                                                                                  Target ID:13
                                                                                                                                                                  Start time:11:15:53
                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                  Path:C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe"
                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                  File size:5'355'008 bytes
                                                                                                                                                                  MD5 hash:AE10FEAD9EA60885A54156F1B4F4D127
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Disassembly

                                                                                                                                                                  Reset < >

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:14.2%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:80.4%
                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                    Total number of Nodes:92
                                                                                                                                                                    Total number of Limit Nodes:11
                                                                                                                                                                    execution_graph 8759 196a712 8760 196a774 8759->8760 8761 196a73e OleInitialize 8759->8761 8760->8761 8762 196a74c 8761->8762 8830 7682eae 8832 7682ee6 ConvertStringSecurityDescriptorToSecurityDescriptorW 8830->8832 8833 7682f27 8832->8833 8834 196abde 8835 196ac2e EnumThreadWindows 8834->8835 8836 196ac3c 8835->8836 8763 7682662 8765 768269a CreateFileW 8763->8765 8766 76826e9 8765->8766 8767 768277a 8768 76827af GetFileType 8767->8768 8770 76827dc 8768->8770 8771 7680c7a 8772 7680caf PostMessageW 8771->8772 8773 7680ce3 8771->8773 8774 7680cc4 8772->8774 8773->8772 8837 196aac2 8839 196aaf7 RegQueryValueExW 8837->8839 8840 196ab4b 8839->8840 8775 768117e 8776 76811b3 KiUserCallbackDispatcher 8775->8776 8777 76811e7 8775->8777 8778 76811c8 8776->8778 8777->8776 8841 196a4ce 8842 196a544 8841->8842 8843 196a50c DuplicateHandle 8841->8843 8842->8843 8844 196a51a 8843->8844 8779 7680272 8780 768029e FreeLibrary 8779->8780 8781 76802d2 8779->8781 8782 76802b3 8780->8782 8781->8780 8845 7683cb2 8846 7683cdb MessageBoxW 8845->8846 8848 7683d0c 8846->8848 8849 196a876 8850 196a8d3 8849->8850 8851 196a8a8 SetWindowLongW 8849->8851 8850->8851 8852 196a8bd 8851->8852 8783 7682aca 8784 7682b1a RegEnumKeyExW 8783->8784 8785 7682b28 8784->8785 8853 768290a 8855 768293f ReadFile 8853->8855 8856 7682971 8855->8856 8860 7683302 8861 768333a CreateMutexW 8860->8861 8863 768337d 8861->8863 8790 196a9ba 8791 196a9f2 RegOpenKeyExW 8790->8791 8793 196aa48 8791->8793 8794 196a23a 8795 196a260 GetModuleHandleW 8794->8795 8797 196a283 8795->8797 8864 196a2fa 8865 196a326 SetErrorMode 8864->8865 8866 196a34f 8864->8866 8867 196a33b 8865->8867 8866->8865 8798 76810c6 8799 76810fe PeekMessageW 8798->8799 8800 7681132 8798->8800 8801 7681113 8799->8801 8800->8799 8802 768305e 8804 7683096 MapViewOfFile 8802->8804 8805 76830e5 8804->8805 8806 768045e 8807 76804be 8806->8807 8808 7680493 SendMessageW 8806->8808 8807->8808 8809 76804a8 8808->8809 8810 196afae 8812 196afda LoadLibraryShim 8810->8812 8813 196b008 8812->8813 8814 7681d52 8815 7681dbb 8814->8815 8816 7681d87 DrawFrameControl 8814->8816 8815->8816 8817 7681d9c 8816->8817 8818 76836d2 8820 7683707 GetProcessTimes 8818->8820 8821 7683739 8820->8821 8822 76812d2 8823 76812fe DispatchMessageW 8822->8823 8824 7681327 8822->8824 8825 7681313 8823->8825 8824->8823 8868 7680312 8871 7680338 SetWindowTextW 8868->8871 8870 768035e 8871->8870 8826 7680d56 8829 7680d7c LoadLibraryW 8826->8829 8828 7680d98 8829->8828

                                                                                                                                                                    Executed Functions

                                                                                                                                                                    Function 090E2BB0 Relevance: .6, Instructions: 580COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 08eb5bf16763e888a54e462f68c1a1d64e3d78ae042bb4f28a11158ce1b1514b
                                                                                                                                                                    • Instruction ID: 713ebafb507dd2f29bad105a04daf5944a7ee1b94d2cbb0ffe5e8e73fe7afec9
                                                                                                                                                                    • Opcode Fuzzy Hash: 08eb5bf16763e888a54e462f68c1a1d64e3d78ae042bb4f28a11158ce1b1514b
                                                                                                                                                                    • Instruction Fuzzy Hash: 6932D374A002198FDB65CF68C494AADBBF6FF48314F1485A9E81AAB351DB31EC85CF50
                                                                                                                                                                    Function 090E9790 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e66132985c099079014fe5f08dd5e7c863eb75ac28c1c654135327339e36ca75
                                                                                                                                                                    • Instruction ID: 0cd30c75eedabc3471470f87e176723e08644e2c820c8debadb135234de73f78
                                                                                                                                                                    • Opcode Fuzzy Hash: e66132985c099079014fe5f08dd5e7c863eb75ac28c1c654135327339e36ca75
                                                                                                                                                                    • Instruction Fuzzy Hash: 92B1AD74E01208DFDB68DFA5D680AADBBF2EF89304F20846AD819AB354DB355D46CF50
                                                                                                                                                                    Function 07682622 Relevance: 1.6, APIs: 1, Instructions: 102fileCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 0 7682622-76826ba 4 76826bc 0->4 5 76826bf-76826cb 0->5 4->5 6 76826cd 5->6 7 76826d0-76826d9 5->7 6->7 8 768272a-768272f 7->8 9 76826db-76826ff CreateFileW 7->9 8->9 12 7682731-7682736 9->12 13 7682701-7682727 9->13 12->13
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 076826E1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                    • Opcode ID: 37bac9b360d0762ac6ffe4dc92a3a910f063e10e406cbe1da53abde05bd5a058
                                                                                                                                                                    • Instruction ID: 40ae5190c73278c4fe684d0cab3698f991a06df117660670f5ed6612de7c0079
                                                                                                                                                                    • Opcode Fuzzy Hash: 37bac9b360d0762ac6ffe4dc92a3a910f063e10e406cbe1da53abde05bd5a058
                                                                                                                                                                    • Instruction Fuzzy Hash: B431B3B14053806FE722CB65DC44BA6BFF8EF06314F08849AE9858B653D365A909DB71
                                                                                                                                                                    Function 0196A98A Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 16 196a98a-196aa15 20 196aa17 16->20 21 196aa1a-196aa31 16->21 20->21 23 196aa73-196aa78 21->23 24 196aa33-196aa46 RegOpenKeyExW 21->24 23->24 25 196aa7a-196aa7f 24->25 26 196aa48-196aa70 24->26 25->26
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0196AA39
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                    • Opcode ID: 51ebb34f50f8d7154c9b959e532263bb9b03962773bd5717d86b964f272d5b37
                                                                                                                                                                    • Instruction ID: 353db23740c36e675323a487d9aae391b5f59d56e8aa82f395ec6c782159d253
                                                                                                                                                                    • Opcode Fuzzy Hash: 51ebb34f50f8d7154c9b959e532263bb9b03962773bd5717d86b964f272d5b37
                                                                                                                                                                    • Instruction Fuzzy Hash: D231B6714043846FE7228B25DC45FABBFBCEF05614F04849BED859B552D264E809C771
                                                                                                                                                                    Function 07682E88 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 48 7682e88-7682f09 52 7682f0b 48->52 53 7682f0e-7682f17 48->53 52->53 54 7682f19-7682f21 ConvertStringSecurityDescriptorToSecurityDescriptorW 53->54 55 7682f6f-7682f74 53->55 56 7682f27-7682f39 54->56 55->54 58 7682f3b-7682f6c 56->58 59 7682f76-7682f7b 56->59 59->58
                                                                                                                                                                    APIs
                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 07682F1F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3907675253-0
                                                                                                                                                                    • Opcode ID: e93fc95cefa128a243f84018d29743de76a64bd02ff5aaecc87a0135a27e4c93
                                                                                                                                                                    • Instruction ID: eb354c9b94250241069b61e4041576d59142796732b0f52b0f8ee06247f74344
                                                                                                                                                                    • Opcode Fuzzy Hash: e93fc95cefa128a243f84018d29743de76a64bd02ff5aaecc87a0135a27e4c93
                                                                                                                                                                    • Instruction Fuzzy Hash: 9331B1B15043856FEB21DB65DC45FAABFECEF05210F08849AE985DB252D364E808CB71
                                                                                                                                                                    Function 07683694 Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 63 7683694-7683729 68 768372b-7683733 GetProcessTimes 63->68 69 7683776-768377b 63->69 71 7683739-768374b 68->71 69->68 72 768377d-7683782 71->72 73 768374d-7683773 71->73 72->73
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessTimes.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 07683731
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessTimes
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1995159646-0
                                                                                                                                                                    • Opcode ID: 321beedb919273ec3257a544ff698521d28e1f13c82da4720b5ae2c1fa6c8360
                                                                                                                                                                    • Instruction ID: 502859ec48b9fc92f1e0e3b5f766be4cf61475b80cce2bbf2d526e1504ed69d4
                                                                                                                                                                    • Opcode Fuzzy Hash: 321beedb919273ec3257a544ff698521d28e1f13c82da4720b5ae2c1fa6c8360
                                                                                                                                                                    • Instruction Fuzzy Hash: E631D7B24093846FDB12CF61DC45B96BFB8EF06314F08849AE985CF153D3659949CB71
                                                                                                                                                                    Function 0196AA81 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 31 196aa81-196aaff 34 196ab04-196ab0d 31->34 35 196ab01 31->35 36 196ab12-196ab18 34->36 37 196ab0f 34->37 35->34 38 196ab1d-196ab34 36->38 39 196ab1a 36->39 37->36 41 196ab36-196ab49 RegQueryValueExW 38->41 42 196ab6b-196ab70 38->42 39->38 43 196ab72-196ab77 41->43 44 196ab4b-196ab68 41->44 42->41 43->44
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 0196AB3C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    • Opcode ID: 379675580cf668e32a575ee384f77d885293d49ad721a2d5cf0e8b0e880f3991
                                                                                                                                                                    • Instruction ID: 71f6550de234b29e93406a7e6d773d4bdd544717ac57af19e71e6fa034493771
                                                                                                                                                                    • Opcode Fuzzy Hash: 379675580cf668e32a575ee384f77d885293d49ad721a2d5cf0e8b0e880f3991
                                                                                                                                                                    • Instruction Fuzzy Hash: 8331A1711093846FE722CB25DC44F96BFFCEF06614F08889AE9899B153D264E849CB71
                                                                                                                                                                    Function 076832D5 Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 76 76832d5-7683351 80 7683353 76->80 81 7683356-768335f 76->81 80->81 82 7683361 81->82 83 7683364-768336d 81->83 82->83 84 76833be-76833c3 83->84 85 768336f-7683393 CreateMutexW 83->85 84->85 88 76833c5-76833ca 85->88 89 7683395-76833bb 85->89 88->89
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateMutexW.KERNEL32(?,?), ref: 07683375
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateMutex
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1964310414-0
                                                                                                                                                                    • Opcode ID: b1a6a9121b9f3e4ed18248f45f55dabad0a00bec33a40371afc741bd01f4336a
                                                                                                                                                                    • Instruction ID: c57d44ffa7a9f9c7b8007810d5b488342de6d9383bd13076ac513f82aeb05f48
                                                                                                                                                                    • Opcode Fuzzy Hash: b1a6a9121b9f3e4ed18248f45f55dabad0a00bec33a40371afc741bd01f4336a
                                                                                                                                                                    • Instruction Fuzzy Hash: 183184B1509380AFE711CB25DC45B5AFFF8EF05714F08849AE984CB352D365E908CB61
                                                                                                                                                                    Function 07680CF5 Relevance: 1.6, APIs: 1, Instructions: 82libraryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 92 7680cf5-7680d7a 94 7680d7c 92->94 95 7680d7f-7680d88 92->95 94->95 96 7680d8a-7680daa LoadLibraryW 95->96 97 7680dc0-7680dc5 95->97 100 7680dac-7680dbf 96->100 101 7680dc7-7680dcc 96->101 97->96 101->100
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 07680D90
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                    • Opcode ID: 6c75f3127ad19db8fd45ec0a343ce2d69fc86d3eb838e8c7fb9e3dbed4131c9a
                                                                                                                                                                    • Instruction ID: 19a98c1ecb0318d736cdc1a060f46e66d5e6823cac706d4ce4f5bb7ac9642141
                                                                                                                                                                    • Opcode Fuzzy Hash: 6c75f3127ad19db8fd45ec0a343ce2d69fc86d3eb838e8c7fb9e3dbed4131c9a
                                                                                                                                                                    • Instruction Fuzzy Hash: 7B31297140E3C09FD7138B359855652BFB4EF03214B0A89DBD8C5CF2A3D268A84DCB62
                                                                                                                                                                    Function 07682738 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 103 7682738-76827c5 107 76827fa-76827ff 103->107 108 76827c7-76827da GetFileType 103->108 107->108 109 76827dc-76827f9 108->109 110 7682801-7682806 108->110 110->109
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileType.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 076827CD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileType
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3081899298-0
                                                                                                                                                                    • Opcode ID: 0bd6135fe03ab05afe2c25b04bbdfe201505b4ad0dc18313f8ff3ffa6c8ee5f7
                                                                                                                                                                    • Instruction ID: b1d1eec6a177f41f7f32364976e16a3e92d8b66920d0c8edf2c22556dc0f1d0f
                                                                                                                                                                    • Opcode Fuzzy Hash: 0bd6135fe03ab05afe2c25b04bbdfe201505b4ad0dc18313f8ff3ffa6c8ee5f7
                                                                                                                                                                    • Instruction Fuzzy Hash: F52129B54093806FE712CF25DC41BA6BFBCEF06324F0885D6ED858B293D264A909DB71
                                                                                                                                                                    Function 07682A74 Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 114 7682a74-7682ac7 116 7682aca-7682b22 RegEnumKeyExW 114->116 118 7682b28-7682b3e 116->118
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 07682B1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Enum
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2928410991-0
                                                                                                                                                                    • Opcode ID: a549f323a33221ea5d2a3eb9d86349e4fec99cf508e3ba77d4bece094b756892
                                                                                                                                                                    • Instruction ID: 843b172e40ac6e1e4dc7ac72f3c1fe2c7c990f5bf007d0c84f21ca8b30e50b37
                                                                                                                                                                    • Opcode Fuzzy Hash: a549f323a33221ea5d2a3eb9d86349e4fec99cf508e3ba77d4bece094b756892
                                                                                                                                                                    • Instruction Fuzzy Hash: 11216D6540E3C06FC3138B358C55A25BFB4EF87614F1D81CFD8848B6A3D225A91AD7A2
                                                                                                                                                                    Function 0768303E Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 119 768303e-76830ca 124 76830cc-76830e3 MapViewOfFile 119->124 125 768310e-7683113 119->125 126 7683115-768311a 124->126 127 76830e5-768310b 124->127 125->124 126->127
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileView
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3314676101-0
                                                                                                                                                                    • Opcode ID: fb3101d69f80668bc0a8d49dd7d4294898aaf86a0f59ffadc902f7113faccb59
                                                                                                                                                                    • Instruction ID: 53551613cee46f6d09937cba4e4aac691a7bf973f97c20bac7bf613c133856d5
                                                                                                                                                                    • Opcode Fuzzy Hash: fb3101d69f80668bc0a8d49dd7d4294898aaf86a0f59ffadc902f7113faccb59
                                                                                                                                                                    • Instruction Fuzzy Hash: E421A371009380AFE722CF65DC45F9AFFF8EF09714F04849EE9858B652D365A508CB61
                                                                                                                                                                    Function 07682662 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 131 7682662-76826ba 134 76826bc 131->134 135 76826bf-76826cb 131->135 134->135 136 76826cd 135->136 137 76826d0-76826d9 135->137 136->137 138 768272a-768272f 137->138 139 76826db-76826e3 CreateFileW 137->139 138->139 141 76826e9-76826ff 139->141 142 7682731-7682736 141->142 143 7682701-7682727 141->143 142->143
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 076826E1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                    • Opcode ID: 6fe4182d4cfdd3a90be2ff0e6ba691a0eaa59ebd7b4182311fdae9f070d44c03
                                                                                                                                                                    • Instruction ID: 0ad2a2b596f2bfc72ad4e8cb4b8a94ec24486a6ebb16f6d74ae40ad1f7f1789b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6fe4182d4cfdd3a90be2ff0e6ba691a0eaa59ebd7b4182311fdae9f070d44c03
                                                                                                                                                                    • Instruction Fuzzy Hash: BD219CB1504244AFEB20DF65D985B6AFBE8FF08314F088569E9858A752D371E848CB61
                                                                                                                                                                    Function 07682B44 Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 146 7682b44-7682b8b 147 7682b8e-7682be6 RegQueryValueExW 146->147 149 7682bec-7682c02 147->149
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 07682BDE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    • Opcode ID: 72de48afefd4ff58dd2aea211996aec0dcac9e49855e05a365eeae4d7a10fdb6
                                                                                                                                                                    • Instruction ID: c27059f4e09f49f9011ee921a461060a83e5699eb98c67a3ef20359471deba42
                                                                                                                                                                    • Opcode Fuzzy Hash: 72de48afefd4ff58dd2aea211996aec0dcac9e49855e05a365eeae4d7a10fdb6
                                                                                                                                                                    • Instruction Fuzzy Hash: 0A21C57540D3C06FD3138B25CC51B62BFB8EF87614F0985CBE8848B693D2656919C7B2
                                                                                                                                                                    Function 07682EAE Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 166 7682eae-7682f09 169 7682f0b 166->169 170 7682f0e-7682f17 166->170 169->170 171 7682f19-7682f21 ConvertStringSecurityDescriptorToSecurityDescriptorW 170->171 172 7682f6f-7682f74 170->172 173 7682f27-7682f39 171->173 172->171 175 7682f3b-7682f6c 173->175 176 7682f76-7682f7b 173->176 176->175
                                                                                                                                                                    APIs
                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 07682F1F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3907675253-0
                                                                                                                                                                    • Opcode ID: 0c945f5dc8a6b166f37201e649e28cb0820d0c8d015436adca453e82a3df2f51
                                                                                                                                                                    • Instruction ID: 1faa90f54009d2e489b7263b97a9c22f36cc367b5598b3824f2660df3f519551
                                                                                                                                                                    • Opcode Fuzzy Hash: 0c945f5dc8a6b166f37201e649e28cb0820d0c8d015436adca453e82a3df2f51
                                                                                                                                                                    • Instruction Fuzzy Hash: F521C2B2500245AFEB20EB25DD85BAAFBECEF04614F08846AED45DB641D364E449CB71
                                                                                                                                                                    Function 07682D96 Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 150 7682d96-7682e05 154 7682e0a-7682e10 150->154 155 7682e07 150->155 156 7682e12 154->156 157 7682e15-7682e2c 154->157 155->154 156->157 159 7682e2e-7682e41 RegQueryValueExW 157->159 160 7682e63-7682e68 157->160 161 7682e6a-7682e6f 159->161 162 7682e43-7682e60 159->162 160->159 161->162
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 07682E34
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    • Opcode ID: 88d9f0728fd4ae958a24f5c7b4519c7779246347a0fa84aaffbb6cbf3feaf4eb
                                                                                                                                                                    • Instruction ID: 1e3901d334a9cacef6e00caf7803b8bd75420e4137ec75f83a8bfc6a781938b4
                                                                                                                                                                    • Opcode Fuzzy Hash: 88d9f0728fd4ae958a24f5c7b4519c7779246347a0fa84aaffbb6cbf3feaf4eb
                                                                                                                                                                    • Instruction Fuzzy Hash: FE21A1B2509384AFE721CB21DC84F57BFF8EF45610F08859AEA858B292D364E408CB71
                                                                                                                                                                    Function 0196A9BA Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 180 196a9ba-196aa15 183 196aa17 180->183 184 196aa1a-196aa31 180->184 183->184 186 196aa73-196aa78 184->186 187 196aa33-196aa46 RegOpenKeyExW 184->187 186->187 188 196aa7a-196aa7f 187->188 189 196aa48-196aa70 187->189 188->189
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0196AA39
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                    • Opcode ID: 6040073fa094b0f2b3e84b429a19faf897bf247db7f3834a217d2c79ac3f5a6e
                                                                                                                                                                    • Instruction ID: a9d4002356de121ba6e32d12dd86e32e06ba722dbdcabd7e5f1affeba407cf76
                                                                                                                                                                    • Opcode Fuzzy Hash: 6040073fa094b0f2b3e84b429a19faf897bf247db7f3834a217d2c79ac3f5a6e
                                                                                                                                                                    • Instruction Fuzzy Hash: 1B21D472400204AEE721CB25DD45FAFFBECEF04214F04845AEE4597651D374E8088BB1
                                                                                                                                                                    Function 07683302 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateMutexW.KERNEL32(?,?), ref: 07683375
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateMutex
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1964310414-0
                                                                                                                                                                    • Opcode ID: 911bae20dafbe5c8be44cef9cd27eaeefcd0c02740d36e524d725133862c4c50
                                                                                                                                                                    • Instruction ID: 9633b16fee19a7e39b83aa52d0af5b67d8bd724823e710a3fbefc0e307531462
                                                                                                                                                                    • Opcode Fuzzy Hash: 911bae20dafbe5c8be44cef9cd27eaeefcd0c02740d36e524d725133862c4c50
                                                                                                                                                                    • Instruction Fuzzy Hash: 4221BEB15042809FE720DF26DD49BAAFBE8EF05714F08846AED858B741D775E808CA62
                                                                                                                                                                    Function 076828EA Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • ReadFile.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 07682969
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                    • Opcode ID: 56fb4b94c3d579109f175f1b299264e73d5b03e8d542996a82df04d8ac0818cb
                                                                                                                                                                    • Instruction ID: 5476be2dd4962a551072f06e1e78d605b7f1bca62a8dac765a02306ef8549e94
                                                                                                                                                                    • Opcode Fuzzy Hash: 56fb4b94c3d579109f175f1b299264e73d5b03e8d542996a82df04d8ac0818cb
                                                                                                                                                                    • Instruction Fuzzy Hash: 5F2184B1409384AFDB21CF61DD44F97FFB8EF45714F08849AE9859B152C365A448CB72
                                                                                                                                                                    Function 0196AAC2 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 0196AB3C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    • Opcode ID: c92f1376303869338fc4d63766424a118ea3980e8692a1abee6954d9f3813982
                                                                                                                                                                    • Instruction ID: db6bcc80403a6ef8a832414bc5697b02da7965abf184015f1b6151f6936bfbd9
                                                                                                                                                                    • Opcode Fuzzy Hash: c92f1376303869338fc4d63766424a118ea3980e8692a1abee6954d9f3813982
                                                                                                                                                                    • Instruction Fuzzy Hash: AB21A271600604AFE720CF25DD84FA7FBECEF04610F04C89AEA49DB652D364E848CA71
                                                                                                                                                                    Function 07681140 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,?,?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 076811B9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                    • Opcode ID: 821cc7610acefbc15b6aef17fc2316fba0eb49528264a6a03ddb7f7ea50e8632
                                                                                                                                                                    • Instruction ID: ac058679dbb98515fe6eba749217ee0258889c7d3c7e921482f700d974b2a8df
                                                                                                                                                                    • Opcode Fuzzy Hash: 821cc7610acefbc15b6aef17fc2316fba0eb49528264a6a03ddb7f7ea50e8632
                                                                                                                                                                    • Instruction Fuzzy Hash: 4A21A17510A7C09FDB138B25CC45A62BFB4EF47224F0984DEDD858F663C265A909CB62
                                                                                                                                                                    Function 0768305E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileView
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3314676101-0
                                                                                                                                                                    • Opcode ID: 80fae84d667ac3a0f5adbe1c6adc55885eb6a5b2e2fe629b8a636a147d357efd
                                                                                                                                                                    • Instruction ID: 7835b4a8b121cbcd6750a328015092a8673bac535da04f37cf5737b62db6d9d6
                                                                                                                                                                    • Opcode Fuzzy Hash: 80fae84d667ac3a0f5adbe1c6adc55885eb6a5b2e2fe629b8a636a147d357efd
                                                                                                                                                                    • Instruction Fuzzy Hash: A621F0B1004244AFEB21DF26DC45FAAFBE8EF08714F04855AEA858B741D375E409CBB2
                                                                                                                                                                    Function 07680223 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 076802A4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                    • Opcode ID: c9e5ebbcc7530c4e705428ad48a594fed8dfdf7f41be9226c0c4d4671abe95b4
                                                                                                                                                                    • Instruction ID: 62afd69ea7bc0ca61201260a96bb2638725633802a5920d8a612f094b5e74eb8
                                                                                                                                                                    • Opcode Fuzzy Hash: c9e5ebbcc7530c4e705428ad48a594fed8dfdf7f41be9226c0c4d4671abe95b4
                                                                                                                                                                    • Instruction Fuzzy Hash: 4F21377500E7C49FD7138B259865652BFB4AF03220F0A84DBD985CF6A3C268A84CCB72
                                                                                                                                                                    Function 0196A1F4 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 0196A274
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                    • Opcode ID: 927c66b17c412af46e9f3bbf9e3969278e38f6be44a2cf3476d70b02a35ced72
                                                                                                                                                                    • Instruction ID: 82e4d076ee450ac7ddfcadc3bd3925c7e7fb5dde1a16904dbe8dc62120c1a7d1
                                                                                                                                                                    • Opcode Fuzzy Hash: 927c66b17c412af46e9f3bbf9e3969278e38f6be44a2cf3476d70b02a35ced72
                                                                                                                                                                    • Instruction Fuzzy Hash: AF218E7540D7C09FD7138B25DC41762BFB8EF47620F0984DBE9848B2A3D269A909C772
                                                                                                                                                                    Function 07682DC2 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 07682E34
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    • Opcode ID: afe2bfd4db0b8ea8ce93be581a4534f3362f5d3a30d911dbb2376ce950f91f53
                                                                                                                                                                    • Instruction ID: cfb7edcfe035bf13addc6d1e0d9fb914f29334e8aa70fb677fcef90b384f495e
                                                                                                                                                                    • Opcode Fuzzy Hash: afe2bfd4db0b8ea8ce93be581a4534f3362f5d3a30d911dbb2376ce950f91f53
                                                                                                                                                                    • Instruction Fuzzy Hash: 3211B1B2500204AFEB60DF25DD84FA7F7ECFF08610F08855AEA468B751D364E449CAB5
                                                                                                                                                                    Function 0196AF7D Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0196AFF9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoadShim
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1475914169-0
                                                                                                                                                                    • Opcode ID: 514db8923a18f92eb84cb73afa50dc78887753c5b79aa82d82f0f1f3ae046763
                                                                                                                                                                    • Instruction ID: c3ba2872c95f5566cf8d897b35283c5cb2692809792080d621eeda08c17f1515
                                                                                                                                                                    • Opcode Fuzzy Hash: 514db8923a18f92eb84cb73afa50dc78887753c5b79aa82d82f0f1f3ae046763
                                                                                                                                                                    • Instruction Fuzzy Hash: 022193B55093805FDB22CB15DC45B62BFFCEF06214F08808AED85CB293D265A809CB72
                                                                                                                                                                    Function 07680C42 Relevance: 1.6, APIs: 1, Instructions: 64windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 07680CB5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePost
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                                                    • Opcode ID: f2dc2376e349b7895d9d5c27a8da4683693cf270bf6ed506ee77c114059da49b
                                                                                                                                                                    • Instruction ID: c9f95ea72cb34ddefea0a1ff8e320da6b6619a5791f60348defcc48eff3e1d1f
                                                                                                                                                                    • Opcode Fuzzy Hash: f2dc2376e349b7895d9d5c27a8da4683693cf270bf6ed506ee77c114059da49b
                                                                                                                                                                    • Instruction Fuzzy Hash: 4D21CD714097C09FDB238F21CC45A52FFB4EF06220F0884DEED858B263D265A808CB62
                                                                                                                                                                    Function 076836D2 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessTimes.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 07683731
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessTimes
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1995159646-0
                                                                                                                                                                    • Opcode ID: fae8b578f91b2eb431124a08c3ef095adf5d81cc090272a629625e3af0ac5ffd
                                                                                                                                                                    • Instruction ID: 4a92d16b033b038abd1cab7967502f6c60e2469d22b36f72c430ffef860cfca5
                                                                                                                                                                    • Opcode Fuzzy Hash: fae8b578f91b2eb431124a08c3ef095adf5d81cc090272a629625e3af0ac5ffd
                                                                                                                                                                    • Instruction Fuzzy Hash: 8611E1B2500204AFEB209F21DD44BAAFBE8EF05610F04846AEA468A651C374E4088BA1
                                                                                                                                                                    Function 07681D1B Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • DrawFrameControl.USER32(?,?,?,?), ref: 07681D8D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ControlDrawFrame
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3837821161-0
                                                                                                                                                                    • Opcode ID: e600af3cf3f0b4cccfab23d68f1517726649215c88a3820395876bd32a9c1059
                                                                                                                                                                    • Instruction ID: 5acf6eadb43543c46c01d31da79b4ca0ef4ff9d2c5ae71d5dd1bdb18612e6c6c
                                                                                                                                                                    • Opcode Fuzzy Hash: e600af3cf3f0b4cccfab23d68f1517726649215c88a3820395876bd32a9c1059
                                                                                                                                                                    • Instruction Fuzzy Hash: FE21D2755097809FDB12CB25DC41B62BFB4EF0B310F0884DEEDC58B263C265A858DB61
                                                                                                                                                                    Function 0196ABAB Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnumThreadWindows.USER32(?,00000E24,?,?), ref: 0196AC2E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EnumThreadWindows
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2941952884-0
                                                                                                                                                                    • Opcode ID: eaa72c9cb7d1e110b74c35943eb44e7451f1021dc61333e9a511bd71cb2c4f51
                                                                                                                                                                    • Instruction ID: 6766182b224ff4bade9b583313471b32460b7cdf57538ba27e86602a66ad190e
                                                                                                                                                                    • Opcode Fuzzy Hash: eaa72c9cb7d1e110b74c35943eb44e7451f1021dc61333e9a511bd71cb2c4f51
                                                                                                                                                                    • Instruction Fuzzy Hash: 0211E9715483807FD311CB16DC41F76FFB8EF86624F09819AEC484BA42D264B919CBB2
                                                                                                                                                                    Function 076802E0 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0768034F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 530164218-0
                                                                                                                                                                    • Opcode ID: c0f5fc2f8c3156cb10849225021bb0837ce18ebf32e78a0c8a34f26cd1ad6297
                                                                                                                                                                    • Instruction ID: efa77fb91d56f74eec34f972048f80144e1382b92ac42fc78d7fae5e9f5208e4
                                                                                                                                                                    • Opcode Fuzzy Hash: c0f5fc2f8c3156cb10849225021bb0837ce18ebf32e78a0c8a34f26cd1ad6297
                                                                                                                                                                    • Instruction Fuzzy Hash: C71184B55093C19FD7128B25DC85B52BFB8EF07220F0985DEDD858F263D264A808CB72
                                                                                                                                                                    Function 07681092 Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • PeekMessageW.USER32(?,?,?,?,?), ref: 07681104
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePeek
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2222842502-0
                                                                                                                                                                    • Opcode ID: c3c897fed5d5df7b7ab1bf6d595357dd4a05ea4d4ddd8782ac8b433c0b735406
                                                                                                                                                                    • Instruction ID: cbd3cc5965b7e2169cfc0f573f9218b0cb230dd985c49fb56dcf53dcd48d2fbd
                                                                                                                                                                    • Opcode Fuzzy Hash: c3c897fed5d5df7b7ab1bf6d595357dd4a05ea4d4ddd8782ac8b433c0b735406
                                                                                                                                                                    • Instruction Fuzzy Hash: 0E21AE710093849FDB128F25DC44AA2BFB4EF07210F0885DAEDC54B663C265A859DB22
                                                                                                                                                                    Function 0196A4A7 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0196A512
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                                    • Opcode ID: 5560ac3e533c7fc58b49cb81fbc01bbcff486447cffeb145e55e9cbe0e5ec9a1
                                                                                                                                                                    • Instruction ID: 0c4d978b1c05cf23630a9f282df0d8c8418f9b699d0b1b279eaf805a0a689bcf
                                                                                                                                                                    • Opcode Fuzzy Hash: 5560ac3e533c7fc58b49cb81fbc01bbcff486447cffeb145e55e9cbe0e5ec9a1
                                                                                                                                                                    • Instruction Fuzzy Hash: 3F116071409780AFDB228F55DC44A62FFF8EF4A310F08849AED898B562C375A419DB61
                                                                                                                                                                    Function 0768290A Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • ReadFile.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 07682969
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                    • Opcode ID: 53924f12151a3af6c2a02ab037cde82f110d1410453c698637839fd036ecb359
                                                                                                                                                                    • Instruction ID: 5cfd944c2a15988114a2f5b427b73c09c4b6770541a5f97a08dda913fbf52fa9
                                                                                                                                                                    • Opcode Fuzzy Hash: 53924f12151a3af6c2a02ab037cde82f110d1410453c698637839fd036ecb359
                                                                                                                                                                    • Instruction Fuzzy Hash: 991108B1400204AFEB20DF51DD44FAAFBECEF04714F04845AEE459B641C374A409CBB2
                                                                                                                                                                    Function 07683C92 Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 07683CFD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2030045667-0
                                                                                                                                                                    • Opcode ID: 7b7bb956923ed95c9e57fa7f15975892af962d68fe4a804abe8187308a0e5ce5
                                                                                                                                                                    • Instruction ID: 9b297a9319c0df2a423ddd4afb3b92e99ee42e230ec97cf8595f9ced0f7c63d5
                                                                                                                                                                    • Opcode Fuzzy Hash: 7b7bb956923ed95c9e57fa7f15975892af962d68fe4a804abe8187308a0e5ce5
                                                                                                                                                                    • Instruction Fuzzy Hash: 9411C4B5505340AFDB21CF26DC45B66FFF8EF05620F08808AED858B352D265E808CB71
                                                                                                                                                                    Function 0768277A Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileType.KERNEL32(?,00000E24,F030899E,00000000,00000000,00000000,00000000), ref: 076827CD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileType
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3081899298-0
                                                                                                                                                                    • Opcode ID: 6a1cc33d746e0f45eef2b1392e2efbe78f57aa96e064a97f279d9c2a01147927
                                                                                                                                                                    • Instruction ID: 87f88d2854348c3ab38c0ab708adfab069217235381a6bb9ca55b8f2327ea8f0
                                                                                                                                                                    • Opcode Fuzzy Hash: 6a1cc33d746e0f45eef2b1392e2efbe78f57aa96e064a97f279d9c2a01147927
                                                                                                                                                                    • Instruction Fuzzy Hash: CB01D6B1504244AEE710DB25DD85BAAF7DCEF04624F14C096EE458B781C3B4A4498AB2
                                                                                                                                                                    Function 0768043C Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageW.USER32(?,?,?,?), ref: 07680499
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                    • Opcode ID: 6fde29a8b64a6c7de3ab46273e77d97b616f222ddc7e92551c60503709e9fbb5
                                                                                                                                                                    • Instruction ID: 68b27da35dabea9fe4391a31daa3e2688b7352c41d2f2cb2b6f51b19c8e91b0f
                                                                                                                                                                    • Opcode Fuzzy Hash: 6fde29a8b64a6c7de3ab46273e77d97b616f222ddc7e92551c60503709e9fbb5
                                                                                                                                                                    • Instruction Fuzzy Hash: B311A071409780AFDB228F15DC44A66FFB4EF46220F08849EED894B662C275A85CCB62
                                                                                                                                                                    Function 076812B0 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 07681304
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatchMessage
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2061451462-0
                                                                                                                                                                    • Opcode ID: 4521ab2f31e1211ad803dd16b9c135b0af2587c88142c42ab6515c4df45f258a
                                                                                                                                                                    • Instruction ID: ff9a18d7a694020d64ca9a64279789b45d248a4d877195335422c8d6f6106859
                                                                                                                                                                    • Opcode Fuzzy Hash: 4521ab2f31e1211ad803dd16b9c135b0af2587c88142c42ab6515c4df45f258a
                                                                                                                                                                    • Instruction Fuzzy Hash: 6E1165754093849FDB128F15DC45B62FFB4EF47625F0880DAED858B652D275A808CB72
                                                                                                                                                                    Function 0196A2D8 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 0196A32C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                                    • Opcode ID: 1e14dd486b9cd78397beb0070c3c786afa093fed28472d866ec93c9868172072
                                                                                                                                                                    • Instruction ID: ba0125c135859d33d8c13b7c9d2e48149cc1783c9f1bb9a29b811e9a16e83cff
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e14dd486b9cd78397beb0070c3c786afa093fed28472d866ec93c9868172072
                                                                                                                                                                    • Instruction Fuzzy Hash: 62118471409384AFDB128B15DC45B62FFB8EF46625F0C80DAED895B263D275A808CB72
                                                                                                                                                                    Function 0196A854 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0196A8AE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LongWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1378638983-0
                                                                                                                                                                    • Opcode ID: 85bfe5d34530a78b22f9b3ce084e94bef5eaa734b8b118c20c00c587b2d8773e
                                                                                                                                                                    • Instruction ID: d188e7aba69360fcf947e67469bbe5cdfd8e1b758c6fbb5506c6bdeb583dbcc0
                                                                                                                                                                    • Opcode Fuzzy Hash: 85bfe5d34530a78b22f9b3ce084e94bef5eaa734b8b118c20c00c587b2d8773e
                                                                                                                                                                    • Instruction Fuzzy Hash: 231170714097849FD7228F55DC45A52FFF8EF06220F0884DAED894B262C375A819DB62
                                                                                                                                                                    Function 07683CB2 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 07683CFD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2030045667-0
                                                                                                                                                                    • Opcode ID: f2a7ecfcee43d065dbcf5acb10ec403a6b16e204b76fe97e8a0af766d740abef
                                                                                                                                                                    • Instruction ID: 680539e4840d5e33e10a13acfc87acd920f4b15072d9372dced889aa18c3078f
                                                                                                                                                                    • Opcode Fuzzy Hash: f2a7ecfcee43d065dbcf5acb10ec403a6b16e204b76fe97e8a0af766d740abef
                                                                                                                                                                    • Instruction Fuzzy Hash: 1B0192B55003048FEB60DF26D945B6AFBE8EF04A20F088199DD468B752D375E449CE61
                                                                                                                                                                    Function 0196AFAE Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0196AFF9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoadShim
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1475914169-0
                                                                                                                                                                    • Opcode ID: f004024593d1343132c19263ab6d856391df0ab370f9c7d3af2ec64462bf2788
                                                                                                                                                                    • Instruction ID: 3aa36c95ad72493d5284f99985fd63b6af76776efe44b0f53b75a9d1e8d6feea
                                                                                                                                                                    • Opcode Fuzzy Hash: f004024593d1343132c19263ab6d856391df0ab370f9c7d3af2ec64462bf2788
                                                                                                                                                                    • Instruction Fuzzy Hash: 650180716002049FEB20DF19D945B66FFECEF04621F088499DE498B756D375E448CA72
                                                                                                                                                                    Function 0196A4CE Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0196A512
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                                    • Opcode ID: bf366e58c724c5fe0fc536938afea3e8182d9bcfbfc1f7bc8602da5a4c9bc147
                                                                                                                                                                    • Instruction ID: da002600a0f90bf84edf178b039716b93c7656d0ef14ef05b362b855f03452b1
                                                                                                                                                                    • Opcode Fuzzy Hash: bf366e58c724c5fe0fc536938afea3e8182d9bcfbfc1f7bc8602da5a4c9bc147
                                                                                                                                                                    • Instruction Fuzzy Hash: C3016D324046449FDB21CF55D944B66FFE8EF09720F08889ADE894B662C376E458DF62
                                                                                                                                                                    Function 07680312 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0768034F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 530164218-0
                                                                                                                                                                    • Opcode ID: 3530801041e98fe1a53a59976aa145ae84cca8c7bbf3333052a6ef9a49609599
                                                                                                                                                                    • Instruction ID: e72407a9223a47452c8f8a37d226ff5ecbf928fee224c4a87ca3b59115019341
                                                                                                                                                                    • Opcode Fuzzy Hash: 3530801041e98fe1a53a59976aa145ae84cca8c7bbf3333052a6ef9a49609599
                                                                                                                                                                    • Instruction Fuzzy Hash: E501F7B55002018FEB60DF25DA85766FBE8EF05220F08C5AADD868B751D375E84CCE62
                                                                                                                                                                    Function 07680D56 Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 07680D90
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                    • Opcode ID: 570cf25b1a4bcc953517970c23618ca4596058b98c056c0375e04c1ddd5c11e0
                                                                                                                                                                    • Instruction ID: f0e98c65aada67225797b112d962cc5cdb7b95e215b2a2861ef42f2d92eebcc9
                                                                                                                                                                    • Opcode Fuzzy Hash: 570cf25b1a4bcc953517970c23618ca4596058b98c056c0375e04c1ddd5c11e0
                                                                                                                                                                    • Instruction Fuzzy Hash: 0601D4B15002048FEB60DF25D985766FBE8EF01320F08C8AADD498F742D374E448CA62
                                                                                                                                                                    Function 07682ACA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 07682B1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Enum
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2928410991-0
                                                                                                                                                                    • Opcode ID: 21558c7c4b27bebad823d7e96b4427c32281a4a5e3160d21633eecd9fe5ceed2
                                                                                                                                                                    • Instruction ID: 3e04f13b4952ad83b5c5a3462afb6ca8a75417d19406059b5de00178b61257d1
                                                                                                                                                                    • Opcode Fuzzy Hash: 21558c7c4b27bebad823d7e96b4427c32281a4a5e3160d21633eecd9fe5ceed2
                                                                                                                                                                    • Instruction Fuzzy Hash: 26016275500240ABD250DF16DC46B6AFBE8FB88A24F14815AED085BB41D371F915CBE6
                                                                                                                                                                    Function 076810C6 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • PeekMessageW.USER32(?,?,?,?,?), ref: 07681104
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePeek
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2222842502-0
                                                                                                                                                                    • Opcode ID: 3b6c4b21036a3cdd94de96cec9b35236740e236aa9623943ebc8dc3b7e633ccc
                                                                                                                                                                    • Instruction ID: fe2c9e7952201d069c6c9dbd9f65ccf22f62425e1ab544f7e924504d20a262e5
                                                                                                                                                                    • Opcode Fuzzy Hash: 3b6c4b21036a3cdd94de96cec9b35236740e236aa9623943ebc8dc3b7e633ccc
                                                                                                                                                                    • Instruction Fuzzy Hash: 0501DE725003089FDB619F15D941B62FBE4EF05220F08C19EDE864AA51C375E45ACF62
                                                                                                                                                                    Function 07682B8E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 07682BDE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    • Opcode ID: a9f9d03beb5a82a5a9dbfb78c1a17365316a77be53b896d42d36ff55f1621e94
                                                                                                                                                                    • Instruction ID: 01052d0ad4df46978408a5e8f57e731ff22246465d02c038e100d91863a9a618
                                                                                                                                                                    • Opcode Fuzzy Hash: a9f9d03beb5a82a5a9dbfb78c1a17365316a77be53b896d42d36ff55f1621e94
                                                                                                                                                                    • Instruction Fuzzy Hash: 93016275500240ABD210DF16DC46B6AFBE8FB88A24F14815AED485BB41D371F915CAE6
                                                                                                                                                                    Function 0196ABDE Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnumThreadWindows.USER32(?,00000E24,?,?), ref: 0196AC2E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EnumThreadWindows
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2941952884-0
                                                                                                                                                                    • Opcode ID: c8ff4e44373a6962a39f21a895ba6376d1ff86aaaa6250a92bfb78427bc706fc
                                                                                                                                                                    • Instruction ID: 6718308170eff46b9802cebfb14f509c8ccda2e9db718f41a65eeb4e8f17e75d
                                                                                                                                                                    • Opcode Fuzzy Hash: c8ff4e44373a6962a39f21a895ba6376d1ff86aaaa6250a92bfb78427bc706fc
                                                                                                                                                                    • Instruction Fuzzy Hash: 5901A271500200ABD210DF16CC42B6AFBE8FB88A24F14815AED084BB41D371F915CBE6
                                                                                                                                                                    Function 07680C7A Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 07680CB5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePost
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                                                    • Opcode ID: 8526464fe38f1e13292a9323cb09b4d2f577bbf4a4b1d711c4bb893ad2173047
                                                                                                                                                                    • Instruction ID: a3d0aa61fe6abd853c75cb79b4934ee4a6b5d716ba63c25e8c30571f424bc24a
                                                                                                                                                                    • Opcode Fuzzy Hash: 8526464fe38f1e13292a9323cb09b4d2f577bbf4a4b1d711c4bb893ad2173047
                                                                                                                                                                    • Instruction Fuzzy Hash: 7A01B1725006048FDB609F15D945B65FBE4EF04220F08C59ADE864A751C375E459CF62
                                                                                                                                                                    Function 0768117E Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,?,?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 076811B9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                    • Opcode ID: 1e28e7f3a76010847520ef2e9ac1d05118edfdb9083f757d9eb5d1308a658449
                                                                                                                                                                    • Instruction ID: 2010a023f6f94ccb802b1a259615fd450365fdf8da4ec704920a0864e6d55d92
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e28e7f3a76010847520ef2e9ac1d05118edfdb9083f757d9eb5d1308a658449
                                                                                                                                                                    • Instruction Fuzzy Hash: 93012475500204CFEB218F55C980B65FBE4EF05220F08C19EDE868BB51C375E55ACF62
                                                                                                                                                                    Function 07681D52 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • DrawFrameControl.USER32(?,?,?,?), ref: 07681D8D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ControlDrawFrame
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3837821161-0
                                                                                                                                                                    • Opcode ID: 8526464fe38f1e13292a9323cb09b4d2f577bbf4a4b1d711c4bb893ad2173047
                                                                                                                                                                    • Instruction ID: fca2ebff60cef6137ae1059b11569d476f983a89b8c5b8f1b5736f125875ad0d
                                                                                                                                                                    • Opcode Fuzzy Hash: 8526464fe38f1e13292a9323cb09b4d2f577bbf4a4b1d711c4bb893ad2173047
                                                                                                                                                                    • Instruction Fuzzy Hash: 6801B175500604CFDB209F15D985B65FBE4EF05320F08C59EDE4A4A751C375E45ACB62
                                                                                                                                                                    Function 07680272 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 076802A4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                    • Opcode ID: 913ad80c91db220246cea2bae1fdc355bc9bf454921722d287a0b6a026fa2878
                                                                                                                                                                    • Instruction ID: cdb3269a39a57049c11ad02c35a1f8c673a6fea5edfc09461b1925eb33781e23
                                                                                                                                                                    • Opcode Fuzzy Hash: 913ad80c91db220246cea2bae1fdc355bc9bf454921722d287a0b6a026fa2878
                                                                                                                                                                    • Instruction Fuzzy Hash: 7001D6755043448FDB50DF15D9857A5FBE4EF05220F08C09ADD4A4BB52C3B4E85CCA62
                                                                                                                                                                    Function 0196A712 Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Initialize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                                                    • Opcode ID: cd1a2f7072131650496fe93ad13e8b89f72bfee878d565946f7606970df3d919
                                                                                                                                                                    • Instruction ID: c4a4afd6592b9bb0a581db894a6a39c0879f906c788a169e49ade76570861f16
                                                                                                                                                                    • Opcode Fuzzy Hash: cd1a2f7072131650496fe93ad13e8b89f72bfee878d565946f7606970df3d919
                                                                                                                                                                    • Instruction Fuzzy Hash: 7901A2718042449FDB10CF15D985B65FBE8EF05220F08C4AADD499F652D379E848CAB2
                                                                                                                                                                    Function 0196A23A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 0196A274
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                    • Opcode ID: 0ceeab3a64bc9d5f678f6fba4da81755f0b0453593b11c5fe8e776d8a3b74e86
                                                                                                                                                                    • Instruction ID: 43d0ef238ebd175f732027b77d805b6c59598ef4f4b192a3c72849a79f269d80
                                                                                                                                                                    • Opcode Fuzzy Hash: 0ceeab3a64bc9d5f678f6fba4da81755f0b0453593b11c5fe8e776d8a3b74e86
                                                                                                                                                                    • Instruction Fuzzy Hash: B401D6319442449FEB10CF1AD985B61FBDCEF05625F08C49ADD489B742D375E448CA72
                                                                                                                                                                    Function 0768045E Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageW.USER32(?,?,?,?), ref: 07680499
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                    • Opcode ID: 752bcdf0f45dffdc7b04191d208f7c5f45aafbdd6ac65e18a5606ee2368383c6
                                                                                                                                                                    • Instruction ID: 991088fc7ecb1979eb06852cf68259966005cc25c2c11d1e52b1605965521db6
                                                                                                                                                                    • Opcode Fuzzy Hash: 752bcdf0f45dffdc7b04191d208f7c5f45aafbdd6ac65e18a5606ee2368383c6
                                                                                                                                                                    • Instruction Fuzzy Hash: AE018F75400304DFDB60DF15D945B65FBE4EF05220F08C59ADE8A0A762C379A45DCBA2
                                                                                                                                                                    Function 0196A876 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0196A8AE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LongWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1378638983-0
                                                                                                                                                                    • Opcode ID: 75da46dd3d8756de558b9e8b644930b4f1476644073b569671d9c15caf6765f9
                                                                                                                                                                    • Instruction ID: 715f417df5c9c1628ba019816b5a17873b269933b078c6f585c9164a0819852c
                                                                                                                                                                    • Opcode Fuzzy Hash: 75da46dd3d8756de558b9e8b644930b4f1476644073b569671d9c15caf6765f9
                                                                                                                                                                    • Instruction Fuzzy Hash: 3901A2314042449FDB20CF05D945B61FBE8EF04320F08C49ADE890B652C375A449DB72
                                                                                                                                                                    Function 076812D2 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 07681304
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2557053617.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7680000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatchMessage
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2061451462-0
                                                                                                                                                                    • Opcode ID: 08b332dac1d9b4fab9e33081ccad7b91526c38450061811a177eeb5f8028dd3e
                                                                                                                                                                    • Instruction ID: e3daa3a95adab98914822642f6f8a5ac5774ca20fdf2fb1a06d62cf20585bff3
                                                                                                                                                                    • Opcode Fuzzy Hash: 08b332dac1d9b4fab9e33081ccad7b91526c38450061811a177eeb5f8028dd3e
                                                                                                                                                                    • Instruction Fuzzy Hash: D9F0F474500248CFDB20DF15D985B61FBE4EF06224F08C09ADD494BB52C378E449CAA2
                                                                                                                                                                    Function 0196A2FA Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(?,F030899E,00000000,?,?,?,?,?,?,?,?,6CA93C78), ref: 0196A32C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548681922.000000000196A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196A000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_196a000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                                    • Opcode ID: 3ffc66bbff7deb899a1cf5e2e1e7ec00006de11d647fd3853e155fdf058c8f24
                                                                                                                                                                    • Instruction ID: dc1697c887ace2c787acc30198443e22078be45e1e4e1ed7a9ec362d2ac847b9
                                                                                                                                                                    • Opcode Fuzzy Hash: 3ffc66bbff7deb899a1cf5e2e1e7ec00006de11d647fd3853e155fdf058c8f24
                                                                                                                                                                    • Instruction Fuzzy Hash: 7DF0AF35804244CFDB10CF09D985B65FBE8EF04625F08C09ADE495B752D3B9A848CAB2
                                                                                                                                                                    Function 090E16E0 Relevance: .5, Instructions: 503COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 834d94746d06dba76ac3437f612d15afbb54ed4ee5b214c392f9e5b08be8eb07
                                                                                                                                                                    • Instruction ID: cfa00acb525514fb6a7938113b51c2a64e17a0f39b788b771aa2875252eb3aba
                                                                                                                                                                    • Opcode Fuzzy Hash: 834d94746d06dba76ac3437f612d15afbb54ed4ee5b214c392f9e5b08be8eb07
                                                                                                                                                                    • Instruction Fuzzy Hash: 04221735A04209DFDBA5CFA5C580AEDBBF6BF48300F24866AE851E7252D734E981CF50
                                                                                                                                                                    Function 090E8490 Relevance: .4, Instructions: 402COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 328fc942d21398176aa80409b8c1bfe91772540f9ade3e1a39ae1249359dcc04
                                                                                                                                                                    • Instruction ID: c0d2388dde412aa16576bdbaab4156ebac7ee3db4c4a30471b0e6403a34b18db
                                                                                                                                                                    • Opcode Fuzzy Hash: 328fc942d21398176aa80409b8c1bfe91772540f9ade3e1a39ae1249359dcc04
                                                                                                                                                                    • Instruction Fuzzy Hash: C8E1AB317002408FCB58AB79D46866E77F6AFC5215B1488ADE84ACB791DF35DC06CB62
                                                                                                                                                                    Function 090E70B0 Relevance: .3, Instructions: 307COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 913460440b018f78850ad4018158cf83e0cdaef7af71ec7aa37920c6ff7fd643
                                                                                                                                                                    • Instruction ID: 7198f95fc211d30e514984f123203e1e6342af3b49801fcc6f3ab0fa2e5daaa3
                                                                                                                                                                    • Opcode Fuzzy Hash: 913460440b018f78850ad4018158cf83e0cdaef7af71ec7aa37920c6ff7fd643
                                                                                                                                                                    • Instruction Fuzzy Hash: 0BC10774A01215DFCB55CF79D588AADB7F2FF88305B1488A8E806AB361EB35EC45CB50
                                                                                                                                                                    Function 090E16D0 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4023aa9fe0089662114846f35e276615bdd2296802bfd22d54dc951b66fc2fa1
                                                                                                                                                                    • Instruction ID: 91feac0221e1a16b7627f67d854796e7f57465e1e72171b0a003d87685eef827
                                                                                                                                                                    • Opcode Fuzzy Hash: 4023aa9fe0089662114846f35e276615bdd2296802bfd22d54dc951b66fc2fa1
                                                                                                                                                                    • Instruction Fuzzy Hash: 0FA10875A04219CFCBA4CFA9C580AADBBF5BF48300F24866AE855EB352D734E941CF50
                                                                                                                                                                    Function 090E2558 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 471c08f4e265ac95e57eeeb1aa70a45093b244452f9339c3df17f8839aa59365
                                                                                                                                                                    • Instruction ID: 601e78161aeea854c4a79164b41815351b159be9b21e5c9c0d9d388180b1cfb0
                                                                                                                                                                    • Opcode Fuzzy Hash: 471c08f4e265ac95e57eeeb1aa70a45093b244452f9339c3df17f8839aa59365
                                                                                                                                                                    • Instruction Fuzzy Hash: 0D911A35A00209DFDB54CFA9D584A9EBBF6FF44350F108969E829EB211D771E982CB90
                                                                                                                                                                    Function 090E3658 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1baa4a21d5ef2b1e05a89679416556ec1233fbc2493946d925d96de35c65aaf5
                                                                                                                                                                    • Instruction ID: 4500f13aa35f1a6818aa2ddeb02f8a212481230204e3feffbfb3a710aad38d79
                                                                                                                                                                    • Opcode Fuzzy Hash: 1baa4a21d5ef2b1e05a89679416556ec1233fbc2493946d925d96de35c65aaf5
                                                                                                                                                                    • Instruction Fuzzy Hash: F5710975A00209DFDB58DF64D598B9EBBB2FF88310F148559E806AB3A1DB34D845CF50
                                                                                                                                                                    Function 090E17B6 Relevance: .2, Instructions: 175COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 20bc3a5b22bb33bcfa09f3cc34a1a83c1f820b5174c319a9dfc79977d3f3c181
                                                                                                                                                                    • Instruction ID: 88cb1c0839b21b3740b62f353ddc01a5712e11a032d40b01435eb241583a5be6
                                                                                                                                                                    • Opcode Fuzzy Hash: 20bc3a5b22bb33bcfa09f3cc34a1a83c1f820b5174c319a9dfc79977d3f3c181
                                                                                                                                                                    • Instruction Fuzzy Hash: 4771E835A04219CFDBA0CFA9C580AADBBF5FF48351F24866AE865E7252D334E941CF50
                                                                                                                                                                    Function 090E77C0 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5f802814010fd8c01835e3eff749179e8173b18d5c39b7db9d81e48f9c10aa45
                                                                                                                                                                    • Instruction ID: e9123eca21ddd72db27b3aa728346c8d12f041706deccc1bfc664e7d48e4823b
                                                                                                                                                                    • Opcode Fuzzy Hash: 5f802814010fd8c01835e3eff749179e8173b18d5c39b7db9d81e48f9c10aa45
                                                                                                                                                                    • Instruction Fuzzy Hash: 81512570A01209CFCB65CF74C5986AABBF2EF89305F2449ADD44AAB750DB35AC45CB60
                                                                                                                                                                    Function 090E7F20 Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a5e5654a1b8350cf0abcb97d71371d079afe3cc777bad503189f1669ab25b455
                                                                                                                                                                    • Instruction ID: 6c5f07b86daa4288a5b779a6e22ffdb4380473face89db97492010d8ae10f3f3
                                                                                                                                                                    • Opcode Fuzzy Hash: a5e5654a1b8350cf0abcb97d71371d079afe3cc777bad503189f1669ab25b455
                                                                                                                                                                    • Instruction Fuzzy Hash: 4D41A7303006418FD769AF35E46876A7BF6EF81305B14C86DE94A8B792CB36DC46C762
                                                                                                                                                                    Function 090E34C8 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1072406f268b8f54df774b37889d9f30727ceee0e8e0af794878777f998654ea
                                                                                                                                                                    • Instruction ID: 1b1f99de03bb670cbef6dd206a707d84e583da72149deec860468887c061f472
                                                                                                                                                                    • Opcode Fuzzy Hash: 1072406f268b8f54df774b37889d9f30727ceee0e8e0af794878777f998654ea
                                                                                                                                                                    • Instruction Fuzzy Hash: 9551F575A002149FCF08DFA8D5946AEBBF6EB88310F148569E806EB345DB35EC45CBA0
                                                                                                                                                                    Function 090E3BD2 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a95d836e48ea3f5f3f6be746367d36d2bd9954130d6bb9050d57a72d61e58762
                                                                                                                                                                    • Instruction ID: 507e18df956f02cee6cf7951d7c62990c4306800bb1dd7910a87953b0cd010f6
                                                                                                                                                                    • Opcode Fuzzy Hash: a95d836e48ea3f5f3f6be746367d36d2bd9954130d6bb9050d57a72d61e58762
                                                                                                                                                                    • Instruction Fuzzy Hash: 70311571A042949FDB19DB7994143EE7FF29F88210F04882EE845D7781DB76C8468BA1
                                                                                                                                                                    Function 090E9DC0 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ed5879f78f10179d39f88e168be33af6c9d5db4bfdda1508637efa955a829204
                                                                                                                                                                    • Instruction ID: ccf8f577a6f50285e79c12695763be67148d598096bf4d5316ed19ecd58c9174
                                                                                                                                                                    • Opcode Fuzzy Hash: ed5879f78f10179d39f88e168be33af6c9d5db4bfdda1508637efa955a829204
                                                                                                                                                                    • Instruction Fuzzy Hash: FB51B074E04208DFCB08DFA9C584AEDBBF2BF89300F14816AE815AB360DB35A945CF51
                                                                                                                                                                    Function 090E1CD0 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c3d0cdf476bd451037eb1cf8747e0a4c15303d6ed2d10ddf76bba5ce288fe813
                                                                                                                                                                    • Instruction ID: ebbe60bc7395acbebce24927ce3fa944b101051bbb6a86abf428d99e7bc29737
                                                                                                                                                                    • Opcode Fuzzy Hash: c3d0cdf476bd451037eb1cf8747e0a4c15303d6ed2d10ddf76bba5ce288fe813
                                                                                                                                                                    • Instruction Fuzzy Hash: 20414C35A14219DFDB94CF68C480ADDB7F2AF89310F148969E401DB390D770E885CB90
                                                                                                                                                                    Function 090E53F8 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8388243570dd2d2ae966c8c89f2f96908e911125f84203d36a8fb6573f9e8d20
                                                                                                                                                                    • Instruction ID: e3ddf9bcffe66ed80b1fc0a239a509d9764cf2a8f9bb11bc79b5ff8caeceea14
                                                                                                                                                                    • Opcode Fuzzy Hash: 8388243570dd2d2ae966c8c89f2f96908e911125f84203d36a8fb6573f9e8d20
                                                                                                                                                                    • Instruction Fuzzy Hash: 9541D074D05218DFCB58DFA5D984AEDBBF2FF89309F208829E406A7250DB359946CF50
                                                                                                                                                                    Function 090E53E9 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 3601e9c70477f7a80a7a331f73cc7a25b00d55729a213dd6796eb7696c48fca7
                                                                                                                                                                    • Instruction ID: 5c806be4796897e452775614b3c69fce73abb6baf24bb88304a36f19021b2389
                                                                                                                                                                    • Opcode Fuzzy Hash: 3601e9c70477f7a80a7a331f73cc7a25b00d55729a213dd6796eb7696c48fca7
                                                                                                                                                                    • Instruction Fuzzy Hash: 3441E370D05218DFCB58DFA5D848AEDBBF2FF88319F10882AE406A7290DB359941CF50
                                                                                                                                                                    Function 090E5D61 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7b5bd2b3977f183a53f9022a948301461b23319bc239b92bdfb75a4de02b7ae0
                                                                                                                                                                    • Instruction ID: 64a607d12874f902fd1a7733fa6fe8cc65be33ea269f5f38cb05f9efe1c1c5c1
                                                                                                                                                                    • Opcode Fuzzy Hash: 7b5bd2b3977f183a53f9022a948301461b23319bc239b92bdfb75a4de02b7ae0
                                                                                                                                                                    • Instruction Fuzzy Hash: 17314D71B082941FDB2997B858107AE3BE79BC5254F15887FE549CF782CD358C098761
                                                                                                                                                                    Function 090E317A Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 26c1d904c2a02ee2ba953855e098b022604eb2a41bcb37623ab006071ea7fb67
                                                                                                                                                                    • Instruction ID: f173f9abf7fe8e2993e1a87991acbf22e19f22cb7762771daebc01edae579843
                                                                                                                                                                    • Opcode Fuzzy Hash: 26c1d904c2a02ee2ba953855e098b022604eb2a41bcb37623ab006071ea7fb67
                                                                                                                                                                    • Instruction Fuzzy Hash: 6E41D135A002198FDF60CFA4C985BADBBF1FF48344F10849AE95AAB351C735A985CF50
                                                                                                                                                                    Function 090E8A44 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7cf03c2810256f21b24e49dd96975dfcfdd4805413be891b704759ae772f54af
                                                                                                                                                                    • Instruction ID: 46e7efd6eb1987b8f01920f4d143027edef37d22872213aaa8bbc39547630ea7
                                                                                                                                                                    • Opcode Fuzzy Hash: 7cf03c2810256f21b24e49dd96975dfcfdd4805413be891b704759ae772f54af
                                                                                                                                                                    • Instruction Fuzzy Hash: 64317C74B102158FDB64DF68D559A6D7BF6AF84341F1888A8EC02E7754DF308C04CBA1
                                                                                                                                                                    Function 090E8960 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ff48d90082665b0ed23a311d5b1e6e52de07de0d109864b8af7f8fba6c3c35af
                                                                                                                                                                    • Instruction ID: de64957e36212d791341f6871f882b0bd061c9a0f61d5c92a66bb608aae4d364
                                                                                                                                                                    • Opcode Fuzzy Hash: ff48d90082665b0ed23a311d5b1e6e52de07de0d109864b8af7f8fba6c3c35af
                                                                                                                                                                    • Instruction Fuzzy Hash: 28318F31F041048FCB649B68D4596EE7BF6AF88351F188569E916E7790DB708C44CB92
                                                                                                                                                                    Function 090E2200 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0b9c4ef03c24007e8b064f009ef5861eb7d21650d477825e62e28dc351ebf9ee
                                                                                                                                                                    • Instruction ID: 8cc0a81a0ae445e54569fca68396fc8cf9b4c27df5e9d9b1a73daa941f71e4f7
                                                                                                                                                                    • Opcode Fuzzy Hash: 0b9c4ef03c24007e8b064f009ef5861eb7d21650d477825e62e28dc351ebf9ee
                                                                                                                                                                    • Instruction Fuzzy Hash: B02148307012055FCB54DB68D4456B973E6AFC1309B24896EE41DCBB91EB76CCCAC751
                                                                                                                                                                    Function 090E5718 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 331219723e4da21f5c98b28ac7e96e40103a08eaafeb84f4beb9b347961217b9
                                                                                                                                                                    • Instruction ID: 63368cfcba875cae6cef22efc1a620bce562c8313284579db1d5140a719d723c
                                                                                                                                                                    • Opcode Fuzzy Hash: 331219723e4da21f5c98b28ac7e96e40103a08eaafeb84f4beb9b347961217b9
                                                                                                                                                                    • Instruction Fuzzy Hash: 3531E270E012089FCB48DFA9D480AEEBBF6AF89304F209469E419F7321DB315946CF65
                                                                                                                                                                    Function 090E5728 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 576243857656952313412bfaa7ca6cb205fc31d1de6d34a858eff6fa039dc118
                                                                                                                                                                    • Instruction ID: 581ab41e9140333f15c14202d9c705862a3cab392a44f0beb357047214779b14
                                                                                                                                                                    • Opcode Fuzzy Hash: 576243857656952313412bfaa7ca6cb205fc31d1de6d34a858eff6fa039dc118
                                                                                                                                                                    • Instruction Fuzzy Hash: E0219274E012089FCB48DFA9D980ADEBBF6EF89214F109429E419B7360DB31A945CF65
                                                                                                                                                                    Function 090E5628 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 25e1ada6b44fcbaa721ac86e648413d074f7106123139ac00da87d460796a35d
                                                                                                                                                                    • Instruction ID: 012167d187ac37f3a283e769f230e53b784595555d56d48538dae204f31b8ffa
                                                                                                                                                                    • Opcode Fuzzy Hash: 25e1ada6b44fcbaa721ac86e648413d074f7106123139ac00da87d460796a35d
                                                                                                                                                                    • Instruction Fuzzy Hash: 8931FE74D12218DFCB44DFA9E888ADDBBF1FF48309F14846AE415A7261E7309A85CF50
                                                                                                                                                                    Function 090E7EFF Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9b0a35a2ee0d2793d5bb72859401007a8fb50005c39979457f1cc3556d12fea1
                                                                                                                                                                    • Instruction ID: 0c8718a287537c9944ca9708b773f62656fcf2300aa4a6612f3aa9ce89499d1b
                                                                                                                                                                    • Opcode Fuzzy Hash: 9b0a35a2ee0d2793d5bb72859401007a8fb50005c39979457f1cc3556d12fea1
                                                                                                                                                                    • Instruction Fuzzy Hash: C6213971300601CFD7B5EE25D188B66B3E6FF80705F14887DE95A8BAA1DB76E881CB50
                                                                                                                                                                    Function 090E2070 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c24381802f7a7512e8b0d425e8a19aff3d067df23a0076a4a88c6b81cbd61a44
                                                                                                                                                                    • Instruction ID: a09bbb047a6b4b7b3cacbf084262676deb0904a4a0a6b7ac740d7cf1577d9972
                                                                                                                                                                    • Opcode Fuzzy Hash: c24381802f7a7512e8b0d425e8a19aff3d067df23a0076a4a88c6b81cbd61a44
                                                                                                                                                                    • Instruction Fuzzy Hash: A321E4347001058F8B09EFBCD4646AEB7F6AFC5204B148529D806EB794DF748D0A87E6
                                                                                                                                                                    Function 090E2080 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5523987a24976612d1f0af90ffe9ae9b7206d9b97922c138a875bc21da0d2cdf
                                                                                                                                                                    • Instruction ID: 71d5c07bfe75c3ccf88d947dd1ce7b11cda8326df48785380ff16f672a05611b
                                                                                                                                                                    • Opcode Fuzzy Hash: 5523987a24976612d1f0af90ffe9ae9b7206d9b97922c138a875bc21da0d2cdf
                                                                                                                                                                    • Instruction Fuzzy Hash: 8421D2347001158F8B49EFBCD4646AEB7EAAFC9204B148029D506EB384DF308E0A87E7
                                                                                                                                                                    Function 090E22F0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: dc397c123fb69b93c1d9bbd9602582c9c24b86ce99f63f809f7784da955e6d67
                                                                                                                                                                    • Instruction ID: 9e8570a54cb2526dec9516d169967490d949e71d7cca50a79c733fcdfaa5eb1e
                                                                                                                                                                    • Opcode Fuzzy Hash: dc397c123fb69b93c1d9bbd9602582c9c24b86ce99f63f809f7784da955e6d67
                                                                                                                                                                    • Instruction Fuzzy Hash: 8F218BB1D042589FCF25CBA9D454AEEBBF5EF88360F04852AE866A3650D7705815CF60
                                                                                                                                                                    Function 090E2870 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9c93e8de2e4e53b77dd23554ffd69206e1bdca0504487b8500f892247ec25b24
                                                                                                                                                                    • Instruction ID: 38d36d0890f0f36caeab1c45bb81fa9e4f8e663de574e42182765819118135f2
                                                                                                                                                                    • Opcode Fuzzy Hash: 9c93e8de2e4e53b77dd23554ffd69206e1bdca0504487b8500f892247ec25b24
                                                                                                                                                                    • Instruction Fuzzy Hash: C61173313041099FDB089E1DD885BAE7BEAEFD9364F548579F516CB3A0DA70DC0587A0
                                                                                                                                                                    Function 090E1FD3 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 16ba8b9fb92492153f34c889331eb2822e8acb803b097766156dc7fe0532d5ab
                                                                                                                                                                    • Instruction ID: 0ec782b83db4815f3b54ee6bd17d030b1998e282d5ac417af228e1f627291026
                                                                                                                                                                    • Opcode Fuzzy Hash: 16ba8b9fb92492153f34c889331eb2822e8acb803b097766156dc7fe0532d5ab
                                                                                                                                                                    • Instruction Fuzzy Hash: A011B171A092858FCB22CF64C8C05EABBB5FF85310F2849AAD4D5D7256D2359909CB91
                                                                                                                                                                    Function 01A207A4 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2549240912.0000000001A20000.00000040.00000020.00020000.00000000.sdmp, Offset: 01A20000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_1a20000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ac0307a2a1e4c831d99627c5de27108058778d2e3fb90ac0becb957424055ca4
                                                                                                                                                                    • Instruction ID: 76244cf707870a6f8160c29f47a247add8e92873e884fab973ced01aec439a98
                                                                                                                                                                    • Opcode Fuzzy Hash: ac0307a2a1e4c831d99627c5de27108058778d2e3fb90ac0becb957424055ca4
                                                                                                                                                                    • Instruction Fuzzy Hash: 8911DA30204284DFD716CB18C640B26BBE6AB98708F28C5ADF5494BB53C77BD847CA91
                                                                                                                                                                    Function 090E2918 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2c56845fd516e2d39f02ceff0af28583758d1581ac4d161a5c00b57afcc1c454
                                                                                                                                                                    • Instruction ID: 37125d9d902d0d6907514bee2c7ac982448b7ae4012a4753ef94597b9efe6a81
                                                                                                                                                                    • Opcode Fuzzy Hash: 2c56845fd516e2d39f02ceff0af28583758d1581ac4d161a5c00b57afcc1c454
                                                                                                                                                                    • Instruction Fuzzy Hash: 58118231A0024A9FDF159FA8D8247EE7EF6EF88310F144429E915E7390DB368C51CBA5
                                                                                                                                                                    Function 090E5338 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 93c4bd14022eb7dd1ed583bdf96733bd4f0efe478a8e987b1f11f4dc238c115d
                                                                                                                                                                    • Instruction ID: d1410aeb741fd4cb8dbc8819e09c7aa0642b49384b5012cc5a85d9fa635d1352
                                                                                                                                                                    • Opcode Fuzzy Hash: 93c4bd14022eb7dd1ed583bdf96733bd4f0efe478a8e987b1f11f4dc238c115d
                                                                                                                                                                    • Instruction Fuzzy Hash: 4A219E74E052089FCB48CFAAE4859EEBBF1EF89314F24906AE45AE3221D7315941CF64
                                                                                                                                                                    Function 090E3368 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 65c5c3c3a66f42405cb9d40f34322d31e58c17c2528f133b0f2ba3eb9de0a32b
                                                                                                                                                                    • Instruction ID: 9d8edff934229ebd0f7a984f26f5f25b3e2d677d5fd7eb01bcf46358fc6692b2
                                                                                                                                                                    • Opcode Fuzzy Hash: 65c5c3c3a66f42405cb9d40f34322d31e58c17c2528f133b0f2ba3eb9de0a32b
                                                                                                                                                                    • Instruction Fuzzy Hash: 5C117CB5A00209AF8F45DF68C8449EE7FF2FF88350B108069F905D7211E732D921DBA1
                                                                                                                                                                    Function 090E3D90 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d449342e38e7bf3126e2ddd0505cbe4aca1a53e2a6225bdc266d25b35a8f217d
                                                                                                                                                                    • Instruction ID: 9e0565443b5e55d6355878abf4ce8331dd54567ca3c8ff9db6fd326e38727bd5
                                                                                                                                                                    • Opcode Fuzzy Hash: d449342e38e7bf3126e2ddd0505cbe4aca1a53e2a6225bdc266d25b35a8f217d
                                                                                                                                                                    • Instruction Fuzzy Hash: 46110774904209CFCB54CF68C589BEEBBF1AF88304F6485A9E04EE7351DB715A49CB91
                                                                                                                                                                    Function 01A205DF Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2549240912.0000000001A20000.00000040.00000020.00020000.00000000.sdmp, Offset: 01A20000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_1a20000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 08e66720573ef8fbd47deec3539366f42532db2b6841064e1e5f23a8dab6c1e1
                                                                                                                                                                    • Instruction ID: af73a4c7be0d22a897697b3fd06c148eade395d2212fad45eaa58807293eab88
                                                                                                                                                                    • Opcode Fuzzy Hash: 08e66720573ef8fbd47deec3539366f42532db2b6841064e1e5f23a8dab6c1e1
                                                                                                                                                                    • Instruction Fuzzy Hash: 2301D87650E7C05FC712CB16DC41862BFB8EB86530708C49FE9498BA52D265A80ACBA2
                                                                                                                                                                    Function 090E2908 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2ba77bfaeb097060e1d5753c4a177a0da353af7ec612e5735bd6f7eb304431f2
                                                                                                                                                                    • Instruction ID: 5926d60d98b9a1cf0eb127d1b9366fa8469d080c1bedc6687ea57415f091e52a
                                                                                                                                                                    • Opcode Fuzzy Hash: 2ba77bfaeb097060e1d5753c4a177a0da353af7ec612e5735bd6f7eb304431f2
                                                                                                                                                                    • Instruction Fuzzy Hash: 9F11923190420A9FDF259F68C8197EEBFF6EF48310F141869E911F7250DB728851CBA1
                                                                                                                                                                    Function 090E1FF0 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 03da46360cb0c290dc3c14dbc5ff48236e08f5f10af309e0ea0555ab3cee3b2f
                                                                                                                                                                    • Instruction ID: eedd7ebdfb9024fe0165808f954f3277828373f6b7b68052b55558913af23eee
                                                                                                                                                                    • Opcode Fuzzy Hash: 03da46360cb0c290dc3c14dbc5ff48236e08f5f10af309e0ea0555ab3cee3b2f
                                                                                                                                                                    • Instruction Fuzzy Hash: 63015631A001559FCF61DF68C8C09EEBBF9FF44210F24486AE599D7246E731AD49CB91
                                                                                                                                                                    Function 090E01F0 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 46d5b8c383a18ac5bbaa8660d944588541236df30b736ec3bc596c569ab29638
                                                                                                                                                                    • Instruction ID: bd0b2a7e34e5897284f95e88e9e999ef77477a64c04819c14a54a99f04ff1aed
                                                                                                                                                                    • Opcode Fuzzy Hash: 46d5b8c383a18ac5bbaa8660d944588541236df30b736ec3bc596c569ab29638
                                                                                                                                                                    • Instruction Fuzzy Hash: 48014C347059148FC319DF28D498A2EBBF6EFC5321B24846EE40AC7B62CBB19C45CB41
                                                                                                                                                                    Function 090E3DA0 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d8f3c3b8e91d5f1671c44f8172ed567ba9344e64398c503a1f09478f345431b4
                                                                                                                                                                    • Instruction ID: 14651d2f7dff16afab3d281de778e95931947b31e54480f0c49432221758839d
                                                                                                                                                                    • Opcode Fuzzy Hash: d8f3c3b8e91d5f1671c44f8172ed567ba9344e64398c503a1f09478f345431b4
                                                                                                                                                                    • Instruction Fuzzy Hash: 80111C70904209CFCB50DF68C589BEEBBF1AF48304F144469E05EE7351DB356A45CB91
                                                                                                                                                                    Function 090E1F38 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: cdd1453600a8617f8d81a5bdaade540214b597a3296c857592d28c231f6adb80
                                                                                                                                                                    • Instruction ID: 99008d04c04712a62a6964cd1f2cbbc8d68a4c94c54dab77b45f84297ce35480
                                                                                                                                                                    • Opcode Fuzzy Hash: cdd1453600a8617f8d81a5bdaade540214b597a3296c857592d28c231f6adb80
                                                                                                                                                                    • Instruction Fuzzy Hash: E1019270B04209CFCB589E65C4187EE7AF2AF88354F14882DD405E7790DB7598458B94
                                                                                                                                                                    Function 090E0200 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: dff9e611e5a6b9f3c376fa7b4f19919647e220bc18582c7bad6928ca4a1e26f5
                                                                                                                                                                    • Instruction ID: 51b7e3e24bca08d3b0381a4d9b4d2c0f960ba2a40e3314f7932506b204d6330e
                                                                                                                                                                    • Opcode Fuzzy Hash: dff9e611e5a6b9f3c376fa7b4f19919647e220bc18582c7bad6928ca4a1e26f5
                                                                                                                                                                    • Instruction Fuzzy Hash: 96014B343009048F8314DF19D48892EBBFAEF89321720446EE81AC7B61CB70EC45CB45
                                                                                                                                                                    Function 090E9C61 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9396afa511c950225b0417dabe0a68c2d7e1d5d479187920fe80aaaeba07dc65
                                                                                                                                                                    • Instruction ID: 7cac4f8beab3f17b57ac3f06bb8fbd5818dac148b66e881c8f8eb9c05b2438ee
                                                                                                                                                                    • Opcode Fuzzy Hash: 9396afa511c950225b0417dabe0a68c2d7e1d5d479187920fe80aaaeba07dc65
                                                                                                                                                                    • Instruction Fuzzy Hash: 35011374D09209DFDB09DFAAC4405AEBBB5FF8A300F4085AAD815A7351DB359A41CFA1
                                                                                                                                                                    Function 090E9701 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 17a3ceefc6e409cdecb9476e3d4b41921716e529a9fe3532351a1000ecb6b9b9
                                                                                                                                                                    • Instruction ID: bfe66ccdc9f9db35dabfae4f4cecd3c8d5d96e98666f3aec7664bf69fff9e4ae
                                                                                                                                                                    • Opcode Fuzzy Hash: 17a3ceefc6e409cdecb9476e3d4b41921716e529a9fe3532351a1000ecb6b9b9
                                                                                                                                                                    • Instruction Fuzzy Hash: 6BF0F971D182088FCB54DFA698452EFBBF4EF4A210F10656AD458E3205E6308A65DBA5
                                                                                                                                                                    Function 090E52C1 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 52d4aa394a612433cde5bfe0dda5514262c6543fd75c94edc6bdc0d7bf26e9e1
                                                                                                                                                                    • Instruction ID: 56eb8a2cfd15504d8d2b0a5f5418548e1ad493e70ba7f4f7414bd7541469be7d
                                                                                                                                                                    • Opcode Fuzzy Hash: 52d4aa394a612433cde5bfe0dda5514262c6543fd75c94edc6bdc0d7bf26e9e1
                                                                                                                                                                    • Instruction Fuzzy Hash: 8CF03770D05205CFCB50DFBA94456EEBFF5FB4A314F10A56AE009E3212E3318951CBA4
                                                                                                                                                                    Function 090E70A1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bca36badb8c000d85acc8ea3d0f17eb9b841401f5d69ded0de8885bd66d84082
                                                                                                                                                                    • Instruction ID: b73baf57b357ff2a710bcecf31432a11c30bffbfdba5abfa9ed485f9abfa298c
                                                                                                                                                                    • Opcode Fuzzy Hash: bca36badb8c000d85acc8ea3d0f17eb9b841401f5d69ded0de8885bd66d84082
                                                                                                                                                                    • Instruction Fuzzy Hash: 17016D75A042588FCF14CB69D8589DDFBB2FF89310F1104A9E515E7362D7399C05CB61
                                                                                                                                                                    Function 090E9710 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5809dd9ab9064dbb2445ab3f1ea673685e1ada331b59a0dbc3b0c6ac458f72ed
                                                                                                                                                                    • Instruction ID: 00492ab4e2e3d8b2dc2fa788bbd2b1f5ef2dd8ac270ff0102a951dbe0d6766a7
                                                                                                                                                                    • Opcode Fuzzy Hash: 5809dd9ab9064dbb2445ab3f1ea673685e1ada331b59a0dbc3b0c6ac458f72ed
                                                                                                                                                                    • Instruction Fuzzy Hash: 45F0D471D142189FCB54DFAA98456EEFBF8EB8A350F10602AD108F3200E7309694CBA9
                                                                                                                                                                    Function 090E9C70 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 886bca9456f035e723293479d94758e311251b783eb1c897378dc2289becf1ef
                                                                                                                                                                    • Instruction ID: 4c38b6154358cb068121a38862861178d60608055fc59be585ab239d6bf81a8c
                                                                                                                                                                    • Opcode Fuzzy Hash: 886bca9456f035e723293479d94758e311251b783eb1c897378dc2289becf1ef
                                                                                                                                                                    • Instruction Fuzzy Hash: AB01C9B4D04209DFDB08DFAAD4446AEBBF6FF89300F509569D815A3340DB359A51CFA1
                                                                                                                                                                    Function 090E52D0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1de202bc9287e5265b218da27af20887fdd44f87ebd89f2999e42a780469c93f
                                                                                                                                                                    • Instruction ID: c5ef6db88cf7c116702cc57f8b64a1836b55e6466bc2d1f6c918c0a976561be9
                                                                                                                                                                    • Opcode Fuzzy Hash: 1de202bc9287e5265b218da27af20887fdd44f87ebd89f2999e42a780469c93f
                                                                                                                                                                    • Instruction Fuzzy Hash: 0AF03470D11208CFCB40DFB9A8056EEBBF8EB4A314F10242AE108F3201E3318940CBA4
                                                                                                                                                                    Function 090E2AA0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b4191f07034db71581a9300a34e6da687f6e995cef6d4f7fc9228c6c7aaa082b
                                                                                                                                                                    • Instruction ID: 9210ed358b057e62642118ac93a60b5753f05233526ad7505578a77d35225a30
                                                                                                                                                                    • Opcode Fuzzy Hash: b4191f07034db71581a9300a34e6da687f6e995cef6d4f7fc9228c6c7aaa082b
                                                                                                                                                                    • Instruction Fuzzy Hash: E6F052726182609FC3218E698444D1BFBE6FFC8358F0D896EF0C483211C37AC820DB62
                                                                                                                                                                    Function 090E2260 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c497fd6e22dc2cea430dd18ce0c841a72b80626d8814e48fbc1d99630127adab
                                                                                                                                                                    • Instruction ID: 20c5699f899500f96cfa70a19150aa1b521d350deaafcab227948ef4fdf4328f
                                                                                                                                                                    • Opcode Fuzzy Hash: c497fd6e22dc2cea430dd18ce0c841a72b80626d8814e48fbc1d99630127adab
                                                                                                                                                                    • Instruction Fuzzy Hash: 62F0BE713001085FC704DE68D448BAAB3EAFFC4355B14816DE50ACB751EE70EC85C7A1
                                                                                                                                                                    Function 090E9562 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 26a0edc49cadedfb8ae1e7483af619ae2937c3c1f90c09229e2a83890d3705e0
                                                                                                                                                                    • Instruction ID: 9e476b5cbb7310847618359d6c539f4202c6019faefefe535be075a7bee5f698
                                                                                                                                                                    • Opcode Fuzzy Hash: 26a0edc49cadedfb8ae1e7483af619ae2937c3c1f90c09229e2a83890d3705e0
                                                                                                                                                                    • Instruction Fuzzy Hash: 6BF0AFB0D09346DFCB51EFB4854569EBFF0AF05344F2048AEC454E7242D3394A42CB91
                                                                                                                                                                    Function 01A20860 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2549240912.0000000001A20000.00000040.00000020.00020000.00000000.sdmp, Offset: 01A20000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_1a20000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d08330d5f43450eb2c4271ed3166f30a4f3e439582b53594c407ee03f5cc4a43
                                                                                                                                                                    • Instruction ID: 9e0a20222e2a9004185ba15cd1b30aee4c31771017da64407b798880224af819
                                                                                                                                                                    • Opcode Fuzzy Hash: d08330d5f43450eb2c4271ed3166f30a4f3e439582b53594c407ee03f5cc4a43
                                                                                                                                                                    • Instruction Fuzzy Hash: 42F01D35104644DFC316CF44D640B16FBA2EB89718F24CAADE94917752C737E813DA81
                                                                                                                                                                    Function 090E95D6 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a06b0f8e1468a6eb86d4076667a1eeb49a6c07783d48e7cebfa15b3c635f37f0
                                                                                                                                                                    • Instruction ID: 60119e61c4646b01f8395fc645dc4392354a1000e3bed193b2fb2a42e0a5bb7e
                                                                                                                                                                    • Opcode Fuzzy Hash: a06b0f8e1468a6eb86d4076667a1eeb49a6c07783d48e7cebfa15b3c635f37f0
                                                                                                                                                                    • Instruction Fuzzy Hash: D8E0D8341067409FC312A776D555AEEBBF59FC2561704CA6DD09ECBA42EA294C0BCB31
                                                                                                                                                                    Function 090E10E0 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5214913b889930bc2e534592678bb8e83ee70724fc0918475584654284507fa1
                                                                                                                                                                    • Instruction ID: e5a2a514f2648aef6ee2c8e8f3d1ee19a20a5d478dadf90f7e927f5a8b1b553e
                                                                                                                                                                    • Opcode Fuzzy Hash: 5214913b889930bc2e534592678bb8e83ee70724fc0918475584654284507fa1
                                                                                                                                                                    • Instruction Fuzzy Hash: 1FF0F8343045008FC364DB29D498CAAB7E9EF8A325B1584BAE81ACBB60CB71EC01CB41
                                                                                                                                                                    Function 090E2B4F Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 135a490448973f24b2885e0632445e8062da9d186a197e20aff15945db6b5b7b
                                                                                                                                                                    • Instruction ID: 2b198118772ecd714cc988b2b669e0a3e7696c8fb88d72a6b1df03a2f8d9c018
                                                                                                                                                                    • Opcode Fuzzy Hash: 135a490448973f24b2885e0632445e8062da9d186a197e20aff15945db6b5b7b
                                                                                                                                                                    • Instruction Fuzzy Hash: 08F0E572A04169AFCB198E99A8048EE3F72EBC9320B04C46FF905C2251C7358911DF60
                                                                                                                                                                    Function 090E79D8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 3d515362d2ef91248689ba5263d007e687eb963297e88fce9216b0a8b7b80095
                                                                                                                                                                    • Instruction ID: bb2f2ce0a7c29be83476c0a9ab7adbbc823743be45e6f69502925cc22fe30a87
                                                                                                                                                                    • Opcode Fuzzy Hash: 3d515362d2ef91248689ba5263d007e687eb963297e88fce9216b0a8b7b80095
                                                                                                                                                                    • Instruction Fuzzy Hash: 9DE0687170A2708FC73B1B7880281A47BE08E8121231909FED8C0DB342C6258C1683E1
                                                                                                                                                                    Function 01A20606 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2549240912.0000000001A20000.00000040.00000020.00020000.00000000.sdmp, Offset: 01A20000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_1a20000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 270aa7d0f15ac30ab4adb6ecace42abed9d1bc5f4fbe587a5f6bddb3cc8074b5
                                                                                                                                                                    • Instruction ID: ad2fcd8fa895349f6876ad89d0d304d5b89e875d65fbec4a7b0513e9717f6d30
                                                                                                                                                                    • Opcode Fuzzy Hash: 270aa7d0f15ac30ab4adb6ecace42abed9d1bc5f4fbe587a5f6bddb3cc8074b5
                                                                                                                                                                    • Instruction Fuzzy Hash: 21E092B66046048B9650DF0AED41462F7D8EB84630718C07FDC4E8B701D276B509CAA6
                                                                                                                                                                    Function 090E9578 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b890af3c157fd54b5d9e047a2485aa1e53d9d1d980d0fdff513a8888fb506f3a
                                                                                                                                                                    • Instruction ID: 2995ae524f33e693656a0653d6461148140fdfe2f0ac472070ea9bbd87d02564
                                                                                                                                                                    • Opcode Fuzzy Hash: b890af3c157fd54b5d9e047a2485aa1e53d9d1d980d0fdff513a8888fb506f3a
                                                                                                                                                                    • Instruction Fuzzy Hash: FBF0A5B1D0420ADFCB90EFB98945BAFBEF5EB08344F604829D518E6241E7359A45CBE1
                                                                                                                                                                    Function 090E79E8 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9bf64eba1487c5127e9210059fb858c60bab703c2c5f29697e57941622696105
                                                                                                                                                                    • Instruction ID: c29aba2c37f059779d664ee8b52bccbb3c1c865f3f56788e93a181a0849af4f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 9bf64eba1487c5127e9210059fb858c60bab703c2c5f29697e57941622696105
                                                                                                                                                                    • Instruction Fuzzy Hash: 26E0CD72B015348F4636657C501816DB2D9CBC49577184CBDD806D7704DE25CD5647F5
                                                                                                                                                                    Function 090E10DA Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2dc01e088bd3a9997a670c96cb4b0d459929ef422fc3329389b278cb39018f8d
                                                                                                                                                                    • Instruction ID: b91cfde9923fb7c942e85cc18ea4d8208553c85eed3b6b18d1cfd635cb0218a3
                                                                                                                                                                    • Opcode Fuzzy Hash: 2dc01e088bd3a9997a670c96cb4b0d459929ef422fc3329389b278cb39018f8d
                                                                                                                                                                    • Instruction Fuzzy Hash: DCE0ED352081408FC764CB29D458DA6B7F5EF89365B1584BDE85ACBB61DA71EC05CB40
                                                                                                                                                                    Function 090E168A Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9c5309560c72aa01925416a5191091b502f09495aab16bcca3f67ca149e253ec
                                                                                                                                                                    • Instruction ID: abfa4c4898d8a29c0697e925ea7bd00117c47619330d223d90dc18a7e2e96a29
                                                                                                                                                                    • Opcode Fuzzy Hash: 9c5309560c72aa01925416a5191091b502f09495aab16bcca3f67ca149e253ec
                                                                                                                                                                    • Instruction Fuzzy Hash: 47E06D7240D3806FC301DF548844BA6BBE8BB45300F040D5EF1D0C2142D665C518CBA2
                                                                                                                                                                    Function 090E1EF8 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 57291aa14242ae5faa293a573fce820bc67924a2245b3edcbc60add5d06d33bd
                                                                                                                                                                    • Instruction ID: da0503f8b5a1ebb25e6a99f5628d166e0d3052b072b883d453568251f5d6180b
                                                                                                                                                                    • Opcode Fuzzy Hash: 57291aa14242ae5faa293a573fce820bc67924a2245b3edcbc60add5d06d33bd
                                                                                                                                                                    • Instruction Fuzzy Hash: EDE0263300D148AFCB128F68D880C997BB1EA92320314056FE581DB952C374A851CF90
                                                                                                                                                                    Function 090E2B10 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 01b5e1990f61a4891027d3e4721ff884cfc2a921c4cbe6dd104493207ae3bd87
                                                                                                                                                                    • Instruction ID: f8eaf95ad3f4d01bd1fb1304252ae596186b838aee90b68c81746dc37bcb6562
                                                                                                                                                                    • Opcode Fuzzy Hash: 01b5e1990f61a4891027d3e4721ff884cfc2a921c4cbe6dd104493207ae3bd87
                                                                                                                                                                    • Instruction Fuzzy Hash: 94E07E3650020EBBCF128F94E908DAA3B6AFB5C361B04C415FA1956526D732D971ABA0
                                                                                                                                                                    Function 090E3D58 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 849677464001756439694423e282a7deaad85b170f1363ee37e3e11d26a5c6b9
                                                                                                                                                                    • Instruction ID: 6c95d9dc7aa5d3fceb7be93fcc31684aed0f77007b4b3c3328b022f7431da98c
                                                                                                                                                                    • Opcode Fuzzy Hash: 849677464001756439694423e282a7deaad85b170f1363ee37e3e11d26a5c6b9
                                                                                                                                                                    • Instruction Fuzzy Hash: DFD05E76B051646B0715A76D242C5AE6BAA8AE9926308107ED14AC7380CEA6CC4346EB
                                                                                                                                                                    Function 090E1F08 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 11701c7bfb4e9be6a67b2f421ffe99db36df8d920cd176fe2ddb8c9f0f89b531
                                                                                                                                                                    • Instruction ID: ae62fcaf3862bfea0ec8be53a9b47b5b8d19686922729729e54c9d552e9e8c36
                                                                                                                                                                    • Opcode Fuzzy Hash: 11701c7bfb4e9be6a67b2f421ffe99db36df8d920cd176fe2ddb8c9f0f89b531
                                                                                                                                                                    • Instruction Fuzzy Hash: 74D01233114019AB87119F59D8488AEB7B9EA9A7623504426F545D3501C734F451DFE1
                                                                                                                                                                    Function 090E6FA0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 07372f35b3a491c9c22bdf9d0ca21d88d3f6403ee740c11dea04fca539df33b1
                                                                                                                                                                    • Instruction ID: dd835cd38124e54f43066ab964ce6ad8002d9c0a532cad4f05d3affc71564ef1
                                                                                                                                                                    • Opcode Fuzzy Hash: 07372f35b3a491c9c22bdf9d0ca21d88d3f6403ee740c11dea04fca539df33b1
                                                                                                                                                                    • Instruction Fuzzy Hash: C6E04F311196C28FD703AB74A4EA0C8BFF1DE4721030948EEE1CACB162D6789D49D7A6
                                                                                                                                                                    Function 090E1EC0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 3e4fa778070387fdefade322db7ac2802c1c1c65bff8f4b49936d04e3701feb2
                                                                                                                                                                    • Instruction ID: 471300ddd156fcb4a36870479f502da45ac3c09228ae61fb200744a42198d250
                                                                                                                                                                    • Opcode Fuzzy Hash: 3e4fa778070387fdefade322db7ac2802c1c1c65bff8f4b49936d04e3701feb2
                                                                                                                                                                    • Instruction Fuzzy Hash: A2D0A7A670D5A01FD3069BAE768819AFFD9DBCD6A271941BEE148C3381D98CCC024279
                                                                                                                                                                    Function 090E80A0 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a0fa610602ad757c642d03cfa980e0b949911d7bb1bd8727fe7da970a2e25abf
                                                                                                                                                                    • Instruction ID: c5654ad2bc851ba4dcf8e438eab7554bd9cca653a4a8bfc8b46ab27ccbc37c1d
                                                                                                                                                                    • Opcode Fuzzy Hash: a0fa610602ad757c642d03cfa980e0b949911d7bb1bd8727fe7da970a2e25abf
                                                                                                                                                                    • Instruction Fuzzy Hash: 01D012A100A6850FE3469A30C9557916F214722205F05C896D29699943C0254C15C722
                                                                                                                                                                    Function 090E56EE Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 05b5e782e292eb3567706d7ca1673d4f2a48b5bfb04267c3e120dcf6a900e417
                                                                                                                                                                    • Instruction ID: cb011c6e2c215213e8f0bca8392a9671a2ed386ad71b437d143abc2b36ae726b
                                                                                                                                                                    • Opcode Fuzzy Hash: 05b5e782e292eb3567706d7ca1673d4f2a48b5bfb04267c3e120dcf6a900e417
                                                                                                                                                                    • Instruction Fuzzy Hash: 14D06C79E451099FCF14DFA8F9808DCFBB1FF84229F200026E919A3600DB312E16CB00
                                                                                                                                                                    Function 019623F4 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548656598.0000000001962000.00000040.00000800.00020000.00000000.sdmp, Offset: 01962000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_1962000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e1410f89eda056d31ba8998f2f4398f8db9c69ac6f4227f4ea6a787f5acae4ae
                                                                                                                                                                    • Instruction ID: f4ca8c7c05f2f62577009b9d252eeb40e43b6b1397f916af9efe10e9820f391b
                                                                                                                                                                    • Opcode Fuzzy Hash: e1410f89eda056d31ba8998f2f4398f8db9c69ac6f4227f4ea6a787f5acae4ae
                                                                                                                                                                    • Instruction Fuzzy Hash: 06D02B353046804FD3128B0CC168FA43BEC6F41B04F0600F9D8048B773C714D4C4C110
                                                                                                                                                                    Function 019623BC Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2548656598.0000000001962000.00000040.00000800.00020000.00000000.sdmp, Offset: 01962000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_1962000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a79783931731a1c4146b576f7c3494d669ab4408f0538ad5bafe263fe6d484d1
                                                                                                                                                                    • Instruction ID: 4cb8ae6b22ae0c11baf82cfe44523a2c56c5db4048227713134e7d59b015de6b
                                                                                                                                                                    • Opcode Fuzzy Hash: a79783931731a1c4146b576f7c3494d669ab4408f0538ad5bafe263fe6d484d1
                                                                                                                                                                    • Instruction Fuzzy Hash: 78D05E343002814BE715DB0CC6D4F9937DCAB40B15F0644E9AD008B762C7A4D8C4CA10
                                                                                                                                                                    Function 090E6FB0 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bc948f8a86ff0fb9104a4e429a401cd9445d0ba3e3f1c3c6906188520a91a112
                                                                                                                                                                    • Instruction ID: cd8fbd3e53403de15418f8052ab99fc3ef2b62e51ebfc03a4eebf897f656b963
                                                                                                                                                                    • Opcode Fuzzy Hash: bc948f8a86ff0fb9104a4e429a401cd9445d0ba3e3f1c3c6906188520a91a112
                                                                                                                                                                    • Instruction Fuzzy Hash: 46D0C930211425CBC650BBB4F28979873F2D79A355B00446EE21A4B250CF399D49DBB1
                                                                                                                                                                    Function 090E6E60 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a794b49271f78af1ab5a8100e3a862f2cc2d8d1bf36c36d12bb2623d1168d4a9
                                                                                                                                                                    • Instruction ID: a8de4cd92801eac3ec83d77c810ba1ab9ac4d9d49ca2bbbab4e01477f5688914
                                                                                                                                                                    • Opcode Fuzzy Hash: a794b49271f78af1ab5a8100e3a862f2cc2d8d1bf36c36d12bb2623d1168d4a9
                                                                                                                                                                    • Instruction Fuzzy Hash: 45D0C93A201240CFC325DF28E59448637F2EB89215304496CE48347B19DA30E846CA50
                                                                                                                                                                    Function 090E6E68 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f60fe1e5481e7c4212b827d2221299e6bf764e14b449fc49d7369f43f9d2992e
                                                                                                                                                                    • Instruction ID: 8ed921dd8d93efd32c4da81795c1fb02fb5836a1782496e86524996b3858e8c9
                                                                                                                                                                    • Opcode Fuzzy Hash: f60fe1e5481e7c4212b827d2221299e6bf764e14b449fc49d7369f43f9d2992e
                                                                                                                                                                    • Instruction Fuzzy Hash: 5FC012322112108BC3249E28F5044C633F19BCC2153044A7DA00787714DA70DC458690
                                                                                                                                                                    Function 090E38D1 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 00bfef3d60edec55113b66259443a91af4f763b12c2b282e17054c3c449f4365
                                                                                                                                                                    • Instruction ID: e3e27978b00a2ca9dcf160b2d1cc3f0f5b9a982e36e9aa08e033f75f7a23c7ee
                                                                                                                                                                    • Opcode Fuzzy Hash: 00bfef3d60edec55113b66259443a91af4f763b12c2b282e17054c3c449f4365
                                                                                                                                                                    • Instruction Fuzzy Hash: 02D0CA31A4820ECFEB248F85C95A7AEBFB0BB40308F14081AE002A7190CBB90845CF80
                                                                                                                                                                    Function 090E23B8 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 173a8ed95446002c800b3403124570b17eb0060b2e3748fd5e5df354e79f4c1d
                                                                                                                                                                    • Instruction ID: f32818b40eaefeedfef3b8551810939bbfb7e826845540351347817e5aa7be61
                                                                                                                                                                    • Opcode Fuzzy Hash: 173a8ed95446002c800b3403124570b17eb0060b2e3748fd5e5df354e79f4c1d
                                                                                                                                                                    • Instruction Fuzzy Hash: 8AC09B2156E2C54FE301E777495A34A7FD06F55218F544899C5C147913F950D426A32E

                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                    Function 090E67B1 Relevance: .5, Instructions: 500COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 0000000D.00000002.2559497866.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_13_2_90e0000_DIMSA.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a1675f23e40d560f05faad5a2d3e245d1ac333b8fb507894bafadfa630c01523
                                                                                                                                                                    • Instruction ID: 6cd206983c6af15dfcb2b5b100005e574bfa3d6599bdeb90cff62d255474e339
                                                                                                                                                                    • Opcode Fuzzy Hash: a1675f23e40d560f05faad5a2d3e245d1ac333b8fb507894bafadfa630c01523
                                                                                                                                                                    • Instruction Fuzzy Hash: 65225871E006199FDB24CF69C980ADDBBF2FF48314F6485AAE489A7751D730A989CF40