Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1562846
MD5:	4e74078466a464a3e168f9a2c0a81a5d
SHA1:	7cec6570b1bc2688019354ddb0764c6fe606c10f
SHA256:	fa3ce4c12cf5e9a03a82dca680308e69d0d6ef4eda47b9cda5b04636a7ae7e30
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for domain / URL

Suricata IDS alerts for network traffic

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7148 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4E74078466A464A3E168F9A2C0A81A5D)

cleanup

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T06:46:06.558382+0100	2028371	3	Unknown Traffic	192.168.2.4	49730	104.21.7.169	443	TCP
2024-11-26T06:46:08.451513+0100	2028371	3	Unknown Traffic	192.168.2.4	49731	104.21.7.169	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T06:46:07.270993+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49730	104.21.7.169	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T06:46:07.270993+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49730	104.21.7.169	443	TCP

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic	DNS traffic detected: DNS query: occupy-blushi.sbs

Source: unknown

Source: file.exe, 00000000.00000003.1728504464.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: file.exe, 00000000.00000003.1728504464.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000003.1728504464.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/5
Source: file.exe, 00000000.00000003.1728504464.00000000015C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1730970416.000000000150E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1728307723.00000000015D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1730970416.0000000001578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000002.1730970416.000000000150E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apiU=
Source: file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/api
Source: file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/apiO
Source: file.exe, 00000000.00000002.1730970416.000000000156B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/apif

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.21.7.169:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3C110	0_2_00A3C110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3E2DB	0_2_00A3E2DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A68440	0_2_00A68440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3B95B	0_2_00A3B95B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A39FC0	0_2_00A39FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD0AA	0_2_00ABD0AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A330A0	0_2_00A330A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680A0	0_2_00A680A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8089	0_2_00AE8089
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8090	0_2_00AF8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE30EF	0_2_00AE30EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD20E8	0_2_00AD20E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC50E5	0_2_00AC50E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A0E3	0_2_00B0A0E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A580FF	0_2_00A580FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF50F5	0_2_00AF50F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE20F5	0_2_00AE20F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB80DA	0_2_00AB80DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6F0D0	0_2_00A6F0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7028	0_2_00AF7028
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C006	0_2_00A9C006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADE013	0_2_00ADE013
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A99016	0_2_00A99016
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01079	0_2_00B01079
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF061	0_2_00ABF061
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB060	0_2_00ADB060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAF071	0_2_00AAF071
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC104A	0_2_00AC104A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B11058	0_2_00B11058
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB61AE	0_2_00AB61AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC01A5	0_2_00AC01A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E1AA	0_2_00B0E1AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F	0_2_00BFD19F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C021E0	0_2_00C021E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE0198	0_2_00AE0198
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5719F	0_2_00A5719F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF21E2	0_2_00AF21E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B051E3	0_2_00B051E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3F1F6	0_2_00A3F1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6F1F0	0_2_00A6F1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAA1CA	0_2_00AAA1CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA7129	0_2_00AA7129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC3128	0_2_00AC3128
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98125	0_2_00A98125
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE138	0_2_00AFE138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE9136	0_2_00AE9136
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B10113	0_2_00B10113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A95101	0_2_00A95101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B06101	0_2_00B06101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A49113	0_2_00A49113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A45F12	0_2_00A45F12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC9163	0_2_00AC9163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD517F	0_2_00AD517F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A55140	0_2_00A55140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD114B	0_2_00AD114B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB4140	0_2_00AB4140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0015B	0_2_00B0015B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A57149	0_2_00A57149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9145	0_2_00AB9145
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB115B	0_2_00AB115B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF115F	0_2_00AF115F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A67154	0_2_00A67154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9E15D	0_2_00A9E15D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0C14B	0_2_00B0C14B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B032BF	0_2_00B032BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB92B9	0_2_00AB92B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC2B9	0_2_00ADC2B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE72BA	0_2_00AE72BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4D280	0_2_00A4D280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFD287	0_2_00AFD287
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA280	0_2_00ABA280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAD2EC	0_2_00AAD2EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA52E2	0_2_00AA52E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE52CC	0_2_00AE52CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B112C3	0_2_00B112C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6F2D0	0_2_00A6F2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB2DC	0_2_00ABB2DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD62DA	0_2_00AD62DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFF2D5	0_2_00AFF2D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0223A	0_2_00B0223A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A34F60	0_2_00A34F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB0204	0_2_00AB0204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA121C	0_2_00AA121C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0269	0_2_00AA0269
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F26D	0_2_00A9F26D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE426A	0_2_00AE426A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF927A	0_2_00AF927A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFB275	0_2_00AFB275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0826B	0_2_00B0826B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B275	0_2_00A9B275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACE24E	0_2_00ACE24E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE259	0_2_00AEE259
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0250	0_2_00AF0250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4388	0_2_00AF4388
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB384	0_2_00ACB384
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A69397	0_2_00A69397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5D398	0_2_00A5D398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB53EC	0_2_00AB53EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE3CB	0_2_00AAE3CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0B3D6	0_2_00B0B3D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0C3AD	0_2_00C0C3AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA3C5	0_2_00ABA3C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAC334	0_2_00AAC334
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD5305	0_2_00AD5305
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD431A	0_2_00AD431A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B16308	0_2_00B16308
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6317	0_2_00AC6317
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A56369	0_2_00A56369
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE937E	0_2_00AE937E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14361	0_2_00B14361
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA35A	0_2_00AFA35A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0354	0_2_00AD0354
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0C4B0	0_2_00B0C4B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF04A6	0_2_00AF04A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD24A1	0_2_00AD24A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF64BD	0_2_00AF64BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD44B3	0_2_00AD44B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEA48E	0_2_00AEA48E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8486	0_2_00AE8486
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96480	0_2_00A96480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0B49F	0_2_00B0B49F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF4E0	0_2_00ACF4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED4FB	0_2_00AED4FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A984CF	0_2_00A984CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE04C3	0_2_00AE04C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42422	0_2_00A42422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4742C	0_2_00A4742C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC5427	0_2_00AC5427
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA743C	0_2_00AA743C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8430	0_2_00AC8430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9E419	0_2_00A9E419
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A36410	0_2_00A36410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF417	0_2_00ABF417
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEF463	0_2_00AEF463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC9454	0_2_00BC9454
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5B455	0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB85AE	0_2_00AB85AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A945A5	0_2_00A945A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC55BF	0_2_00AC55BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A495B0	0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF15B8	0_2_00AF15B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA8589	0_2_00AA8589
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE2589	0_2_00AE2589
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF8590	0_2_00BF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C055FF	0_2_00C055FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB65EA	0_2_00AB65EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B005F7	0_2_00B005F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF75F8	0_2_00AF75F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC25F2	0_2_00AC25F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA95C7	0_2_00AA95C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF55DB	0_2_00AF55DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B08532	0_2_00B08532
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAF518	0_2_00AAF518
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0514	0_2_00AC0514
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC3514	0_2_00AC3514
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A99516	0_2_00A99516
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF956A	0_2_00AF956A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70560	0_2_00A70560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF577	0_2_00ABF577
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1056C	0_2_00B1056C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E550	0_2_00B0E550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A53540	0_2_00A53540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE355F	0_2_00AE355F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD1553	0_2_00AD1553
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB26A9	0_2_00AB26A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B146BA	0_2_00B146BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B606A6	0_2_00B606A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC6BA	0_2_00ADC6BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB16B3	0_2_00AB16B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A666BA	0_2_00A666BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0D690	0_2_00B0D690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3C680	0_2_00A3C680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB968F	0_2_00AB968F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA4681	0_2_00AA4681
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6F690	0_2_00A6F690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD46EF	0_2_00AD46EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE6FA	0_2_00AAE6FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD66C4	0_2_00AD66C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9D6DE	0_2_00A9D6DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADA6D4	0_2_00ADA6D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE6D7	0_2_00ABE6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC96D0	0_2_00AC96D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB623	0_2_00ABB623
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE625	0_2_00AEE625
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02601	0_2_00B02601
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6616	0_2_00AA6616
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0617	0_2_00AA0617
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1560F	0_2_00B1560F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFC661	0_2_00AFC661
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA267D	0_2_00AA267D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2674	0_2_00AD2674
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1666E	0_2_00B1666E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA164C	0_2_00AA164C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF3651	0_2_00AF3651
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B7AD	0_2_00A9B7AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAF7A6	0_2_00AAF7A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB1798	0_2_00BB1798
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB788	0_2_00ACB788
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC878B	0_2_00AC878B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC781	0_2_00AEC781
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B067F9	0_2_00B067F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0F7FB	0_2_00B0F7FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A707F0	0_2_00A707F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00799	0_2_00C00799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5C7F9	0_2_00A5C7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE87F0	0_2_00AE87F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B157D8	0_2_00B157D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADD7DD	0_2_00ADD7DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A537D0	0_2_00A537D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF7D9	0_2_00ACF7D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A587D9	0_2_00A587D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9672D	0_2_00A9672D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC772A	0_2_00AC772A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1729	0_2_00AE1729
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7735	0_2_00AB7735
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB0711	0_2_00AB0711
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD9713	0_2_00AD9713
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A67760	0_2_00A67760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE768	0_2_00AFE768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A45768	0_2_00A45768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE974E	0_2_00AE974E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFB756	0_2_00BFB756
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6B8B0	0_2_00A6B8B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B098A6	0_2_00B098A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A46882	0_2_00A46882
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA2896	0_2_00AA2896
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB8F3	0_2_00ADB8F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3A8C0	0_2_00A3A8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5B8DE	0_2_00A5B8DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFF8D2	0_2_00AFF8D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0C8CE	0_2_00B0C8CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACA83E	0_2_00ACA83E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B07811	0_2_00B07811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAD81E	0_2_00AAD81E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC1813	0_2_00AC1813
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF687C	0_2_00BF687C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4868	0_2_00AF4868
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5B455	0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5587F	0_2_00A5587F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A97840	0_2_00A97840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5B859	0_2_00A5B859
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1184D	0_2_00B1184D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE29A6	0_2_00AE29A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFC9B8	0_2_00AFC9B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A469B8	0_2_00A469B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5398C	0_2_00A5398C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD982	0_2_00ABD982
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFD997	0_2_00AFD997
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4B998	0_2_00A4B998
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE39EE	0_2_00AE39EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B089E5	0_2_00B089E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEB9F9	0_2_00AEB9F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A679C0	0_2_00A679C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADE9C1	0_2_00ADE9C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAA9D8	0_2_00AAA9D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD99D7	0_2_00AD99D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8922	0_2_00AB8922
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE9920	0_2_00AE9920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12922	0_2_00B12922
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA935	0_2_00AFA935
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA890D	0_2_00AA890D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8901	0_2_00AF8901
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A56962	0_2_00A56962
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0A910	0_2_00C0A910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42940	0_2_00A42940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC945	0_2_00ADC945
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAC940	0_2_00AAC940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB3952	0_2_00AB3952
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F950	0_2_00A9F950
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A33AA0	0_2_00A33AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE0ABA	0_2_00AE0ABA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8AB4	0_2_00AC8AB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A55ABE	0_2_00A55ABE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A57A83	0_2_00A57A83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEEA95	0_2_00AEEA95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A51AF0	0_2_00A51AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFBAFA	0_2_00AFBAFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70AC0	0_2_00A70AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96AD3	0_2_00A96AD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4A2E	0_2_00AC4A2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02A2D	0_2_00B02A2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8A05	0_2_00AD8A05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4DA10	0_2_00A4DA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD3A61	0_2_00AD3A61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A35A73	0_2_00A35A73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0A7F	0_2_00AC0A7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE5A74	0_2_00AE5A74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA3A76	0_2_00AA3A76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9CA4E	0_2_00A9CA4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AABA4D	0_2_00AABA4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACFBA9	0_2_00ACFBA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADABBD	0_2_00ADABBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B11BA6	0_2_00B11BA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A41BB8	0_2_00A41BB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC3B81	0_2_00AC3B81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C03BF6	0_2_00C03BF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04B8F	0_2_00B04B8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE5BFF	0_2_00AE5BFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE7BFD	0_2_00AE7BFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B16BD3	0_2_00B16BD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94BD9	0_2_00A94BD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF2B2D	0_2_00AF2B2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0DB35	0_2_00B0DB35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AADB27	0_2_00AADB27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA4B01	0_2_00AA4B01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAEB19	0_2_00AAEB19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE6B1A	0_2_00AE6B1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7B1B	0_2_00AC7B1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B10B08	0_2_00B10B08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2B61	0_2_00AD2B61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0B62	0_2_00AD0B62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0B7D	0_2_00AA0B7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADCB4A	0_2_00ADCB4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFEB48	0_2_00AFEB48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A68CA0	0_2_00A68CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADDCB8	0_2_00ADDCB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5CCBF	0_2_00A5CCBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A35C82	0_2_00A35C82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFEC9C	0_2_00BFEC9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACBC86	0_2_00ACBC86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9EC96	0_2_00A9EC96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACCCE8	0_2_00ACCCE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A38CF0	0_2_00A38CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A55CF0	0_2_00A55CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE4CF8	0_2_00AE4CF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AACCC5	0_2_00AACCC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B11CC4	0_2_00B11CC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFFCD5	0_2_00AFFCD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB3C2E	0_2_00AB3C2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF5C25	0_2_00AF5C25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A60C30	0_2_00A60C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF3C15	0_2_00AF3C15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABEC15	0_2_00ABEC15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA3C69	0_2_00AA3C69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4DC60	0_2_00A4DC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAFC61	0_2_00AAFC61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6C71	0_2_00BD6C71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABAC65	0_2_00ABAC65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AECC7D	0_2_00AECC7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A59C50	0_2_00A59C50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5BC5F	0_2_00A5BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD1C53	0_2_00AD1C53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A99DAF	0_2_00A99DAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACADBE	0_2_00ACADBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADBDB1	0_2_00ADBDB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFAD93	0_2_00AFAD93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6EDF0	0_2_00A6EDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B09D38	0_2_00B09D38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A56D2A	0_2_00A56D2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5FD36	0_2_00A5FD36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE9D0E	0_2_00AE9D0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFCD0F	0_2_00AFCD0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32D00	0_2_00A32D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4D17	0_2_00BD4D17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A57D0A	0_2_00A57D0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA9D68	0_2_00AA9D68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE6D6D	0_2_00AE6D6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2D64	0_2_00AC2D64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADFD65	0_2_00ADFD65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABBD60	0_2_00ABBD60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0D64	0_2_00AF0D64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6D4E	0_2_00AA6D4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3AD50	0_2_00A3AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB1D5D	0_2_00AB1D5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0EEB2	0_2_00B0EEB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEDEBC	0_2_00AEDEBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2EBE	0_2_00AD2EBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEEEBA	0_2_00AEEEBA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFEEB2	0_2_00AFEEB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A95EB6	0_2_00A95EB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01E97	0_2_00B01E97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8E9C	0_2_00AF8E9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6E93	0_2_00AC6E93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9CEF9	0_2_00A9CEF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADAEFF	0_2_00ADAEFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF2EF1	0_2_00AF2EF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4BEC0	0_2_00A4BEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4EEC0	0_2_00A4EEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8ECB	0_2_00AE8ECB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6AEC0	0_2_00A6AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96EDE	0_2_00A96EDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A52E20	0_2_00A52E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0CE28	0_2_00B0CE28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9EE00	0_2_00A9EE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0DE19	0_2_00B0DE19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2E01	0_2_00AB2E01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFBE04	0_2_00AFBE04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4E12	0_2_00BF4E12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8E17	0_2_00AC8E17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A46E62	0_2_00A46E62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9E6C	0_2_00AB9E6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12E76	0_2_00B12E76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9AE79	0_2_00A9AE79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA9E48	0_2_00AA9E48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A60E40	0_2_00A60E40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0BE45	0_2_00B0BE45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD5FA0	0_2_00AD5FA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6FA0	0_2_00AD6FA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA9F82	0_2_00AA9F82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE5F9B	0_2_00AE5F9B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B15F88	0_2_00B15F88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A58FE0	0_2_00A58FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6BFE0	0_2_00A6BFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14FF7	0_2_00B14FF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B06FFA	0_2_00B06FFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD7FF4	0_2_00AD7FF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABBFCB	0_2_00ABBFCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7FCA	0_2_00AC7FCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9FC8	0_2_00AF9FC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2FD6	0_2_00AB2FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF3F2C	0_2_00AF3F2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1F3E	0_2_00AA1F3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02F2B	0_2_00B02F2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AABF36	0_2_00AABF36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF1F33	0_2_00AF1F33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACDF09	0_2_00ACDF09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A62F00	0_2_00A62F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABCF07	0_2_00ABCF07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A45F12	0_2_00A45F12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A34F60	0_2_00A34F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD1F6E	0_2_00AD1F6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEBF69	0_2_00AEBF69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB4F60	0_2_00AB4F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A50F70	0_2_00A50F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AADF4B	0_2_00AADF4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48F57	0_2_00A48F57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4CF50	0_2_00A4CF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6EF50	0_2_00A6EF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B16F48	0_2_00B16F48

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A44D10 appears 75 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A397C0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9982408940397351
Source: file.exe	Static PE information: Section: zvfjtapm ZLIB complexity 0.9943644024562185

Source: classification engine

Classification label: mal100.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A610F0 CoCreateInstance,

0_2_00A610F0

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1895424 > 1048576

Source: file.exe

Static PE information: Raw size of zvfjtapm is bigger than: 0x100000 < 0x1a5200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.a30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zvfjtapm:EW;oivbhgwd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zvfjtapm:EW;oivbhgwd:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1daa87 should be: 0x1d736d

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: zvfjtapm
Source: file.exe	Static PE information: section name: oivbhgwd
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2A0C0 push ebp; mov dword ptr [esp], ebx	0_2_00C2A112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2A0C0 push ebp; mov dword ptr [esp], ebx	0_2_00C2A185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD70C5 push edx; mov dword ptr [esp], 30F53672h	0_2_00CD701A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD70C5 push 4A7419F3h; mov dword ptr [esp], ebp	0_2_00CD7081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D0A5 push ebx; mov dword ptr [esp], 505D7C1Bh	0_2_00A8D0AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A900A7 push ecx; mov dword ptr [esp], edi	0_2_00A900A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8C080 push edx; mov dword ptr [esp], ecx	0_2_00A8C089
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D0E9 push 509DF461h; mov dword ptr [esp], ebp	0_2_00A8D0EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D0E9 push 2AE07CBEh; mov dword ptr [esp], edx	0_2_00A8E45F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D0C0 push 3A4638BFh; mov dword ptr [esp], eax	0_2_00A8D09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D0C0 push 29928561h; mov dword ptr [esp], esi	0_2_00A8E422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D0C0 push 2AE07CBEh; mov dword ptr [esp], edx	0_2_00A8E45F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D02E push ecx; mov dword ptr [esp], 7F0458C0h	0_2_00A8E007
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2062 push edx; mov dword ptr [esp], 7FF1868Ah	0_2_00EE20FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2062 push edi; mov dword ptr [esp], 75BFC2A8h	0_2_00EE2131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2062 push edi; mov dword ptr [esp], 7E3F6705h	0_2_00EE2163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2062 push eax; mov dword ptr [esp], ebp	0_2_00EE2191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8E026 push 0CF2C7C7h; mov dword ptr [esp], ebx	0_2_00A8E1A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9103E push eax; mov dword ptr [esp], esp	0_2_00A91040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92074 push edx; mov dword ptr [esp], 3669115Fh	0_2_00A920A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8E03C push 25C87594h; mov dword ptr [esp], ebx	0_2_00C8E044
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8F051 push edx; mov dword ptr [esp], 00000004h	0_2_00A8FD1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A911AF push 27FF8DD8h; mov dword ptr [esp], edi	0_2_00A911B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8F1A2 push ecx; mov dword ptr [esp], edi	0_2_00A8F1D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 26541471h; mov dword ptr [esp], ecx	0_2_00BFD1C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 409FDE5Ah; mov dword ptr [esp], edx	0_2_00BFD1CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 6DE023A1h; mov dword ptr [esp], ecx	0_2_00BFD1EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 0B613C60h; mov dword ptr [esp], esp	0_2_00BFD217
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 66C2C65Fh; mov dword ptr [esp], esp	0_2_00BFD2E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 49E9DF66h; mov dword ptr [esp], esi	0_2_00BFD387
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD19F push 50BE00D1h; mov dword ptr [esp], edx	0_2_00BFD3A9

Source: file.exe	Static PE information: section name: entropy: 7.974913791834615
Source: file.exe	Static PE information: section name: zvfjtapm entropy: 7.954257082250238

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10680 second address: C10693 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CC6159Ch 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C107C2 second address: C107CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10A60 second address: C10A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C133AB second address: C133B5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC83CBF999Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C133B5 second address: C133EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FC83CC615A0h 0x0000000d pushad 0x0000000e jp 00007FC83CC61596h 0x00000014 jmp 00007FC83CC6159Bh 0x00000019 popad 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push edi 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C133EA second address: C133F7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C133F7 second address: C13440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC615A9h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push esi 0x0000000e pushad 0x0000000f jmp 00007FC83CC615A9h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13440 second address: C13460 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13460 second address: C13466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13759 second address: C13789 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007FC83CBF999Fh 0x00000011 mov eax, dword ptr [eax] 0x00000013 jc 00007FC83CBF999Ah 0x00000019 push esi 0x0000001a push edi 0x0000001b pop edi 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13789 second address: C13794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC83CC61596h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13794 second address: C1379A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1379A second address: C1379E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C335CD second address: C335E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FC83CBF999Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3377C second address: C3378E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC83CC61596h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3378E second address: C33795 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3393A second address: C3393E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33C03 second address: C33C1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 js 00007FC83CBF9996h 0x0000000d jmp 00007FC83CBF999Ah 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3404C second address: C34070 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jns 00007FC83CC6159Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC83CC6159Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C341BC second address: C341C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C341C2 second address: C341D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C341D6 second address: C341E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C341E0 second address: C341E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3460D second address: C34613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B7E9 second address: C2B7FB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007FC83CC61596h 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B7FB second address: C2B82B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC83CBF99A1h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CBF99A4h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B82B second address: C2B84E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FC83CC615A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B84E second address: C2B86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FC83CBF99A4h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3474F second address: C3477B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007FC83CC61596h 0x00000011 pop eax 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 jmp 00007FC83CC615A3h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34CDA second address: C34CE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34CE6 second address: C34D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC83CC61596h 0x0000000a pop edi 0x0000000b pushad 0x0000000c jmp 00007FC83CC615A0h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34D04 second address: C34D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34D0A second address: C34D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34D13 second address: C34D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C350F4 second address: C35110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FC83CC615A5h 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35110 second address: C35118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35118 second address: C3511C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3511C second address: C35129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB28B second address: BFB29F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC6159Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB29F second address: BFB2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DC3E second address: C3DC4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DC4D second address: C3DC70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CBF99A5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DC70 second address: C3DC8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FC83CC6159Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DDE5 second address: C3DDEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DDEF second address: C3DE00 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DE00 second address: C3DE1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jne 00007FC83CBF999Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007FC83CBF9996h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DE1E second address: C3DE43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jng 00007FC83CC615B0h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC83CC615A2h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42414 second address: C4241A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4241A second address: C4242E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FC83CC61596h 0x0000000b pop esi 0x0000000c ja 00007FC83CC615A2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4242E second address: C42434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42434 second address: C42449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FC83CC61598h 0x0000000e push eax 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42449 second address: C4244E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4244E second address: C42465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FC83CC61596h 0x00000009 jo 00007FC83CC61596h 0x0000000f jne 00007FC83CC61596h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44BB2 second address: C44BB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44BB8 second address: C44BBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44BBD second address: C44BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC83CBF99A7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44BE0 second address: C44BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44CC5 second address: C44CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C450A8 second address: C450B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC83CC61596h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C450B7 second address: C450E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007FC83CBF9996h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C450E0 second address: C45107 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 or dword ptr [ebp+122D1B95h], esi 0x0000000e nop 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC83CC615A5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45107 second address: C4512E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF99A1h 0x0000000b popad 0x0000000c push eax 0x0000000d jnl 00007FC83CBF99A8h 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007FC83CBF9996h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45329 second address: C45350 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FC83CC61596h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45350 second address: C45356 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45356 second address: C4536B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CC615A1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C476EF second address: C476F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C476F5 second address: C47768 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC83CC615A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub dword ptr [ebp+122DB4CBh], eax 0x00000013 push 00000000h 0x00000015 mov esi, dword ptr [ebp+122D27B6h] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007FC83CC61598h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 jmp 00007FC83CC615A3h 0x0000003c mov esi, 0DD089CAh 0x00000041 xchg eax, ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 jnp 00007FC83CC6159Ch 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47768 second address: C4776C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4776C second address: C47781 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FC83CC61596h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47781 second address: C4778B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4778B second address: C47790 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47FFC second address: C4800A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C48A90 second address: C48A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4800A second address: C48027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CBF99A9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A289 second address: C4A293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC83CC61596h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A293 second address: C4A297 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A297 second address: C4A2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnl 00007FC83CC615AEh 0x0000000f nop 0x00000010 xor esi, 73801F4Fh 0x00000016 push 00000000h 0x00000018 mov esi, dword ptr [ebp+122D2662h] 0x0000001e push 00000000h 0x00000020 mov edi, dword ptr [ebp+124588B2h] 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A2DB second address: C4A2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A2DF second address: C4A307 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CC615A1h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jp 00007FC83CC61596h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4AD71 second address: C4AD75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DD56 second address: C4DD6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FC83CC61596h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f je 00007FC83CC615A0h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B58A second address: C4B58F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B58F second address: C4B595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFE0 second address: C4FFE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50FDF second address: C5102C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D291Eh] 0x00000013 push 00000000h 0x00000015 mov bh, dh 0x00000017 push 00000000h 0x00000019 call 00007FC83CC615A8h 0x0000001e push ebx 0x0000001f mov edi, dword ptr [ebp+122D35BDh] 0x00000025 pop edi 0x00000026 pop edi 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b push edx 0x0000002c pop edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5102C second address: C51036 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C524B9 second address: C524BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C53397 second address: C5339C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C542C2 second address: C542C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C553ED second address: C553F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C553F3 second address: C553F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C553F8 second address: C553FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C553FE second address: C55402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55402 second address: C5542A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC83CBF999Bh 0x0000000e nop 0x0000000f cmc 0x00000010 push 00000000h 0x00000012 mov ebx, dword ptr [ebp+122D2214h] 0x00000018 push 00000000h 0x0000001a stc 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5542A second address: C55430 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9831 second address: BF9835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9835 second address: BF9849 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jno 00007FC83CC6159Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58AC0 second address: C58ACA instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58ACA second address: C58AD5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007FC83CC61596h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58AD5 second address: C58ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59122 second address: C59129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A0D7 second address: C5A0DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A0DB second address: C5A0E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A0E1 second address: C5A0FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF99A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D3E9 second address: C5D413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007FC83CC615A2h 0x0000000f jmp 00007FC83CC6159Dh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D413 second address: C5D418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C575 second address: C5C57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F415 second address: C5F419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F419 second address: C5F41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E6F1 second address: C5E6F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6492B second address: C6492F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B88B second address: C6B896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC83CBF9996h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B896 second address: C6B8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC83CC615A8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BB48 second address: C6BB52 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC83CBF999Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71C3E second address: C71C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71C43 second address: C71C49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77590 second address: C775BB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 jmp 00007FC83CC615A2h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC83CC6159Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C002D0 second address: C002D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C002D4 second address: C00306 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CC6159Eh 0x0000000b ja 00007FC83CC6159Ch 0x00000011 popad 0x00000012 jo 00007FC83CC615A6h 0x00000018 push ecx 0x00000019 jp 00007FC83CC61596h 0x0000001f pop ecx 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76822 second address: C76836 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76836 second address: C7683B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7683B second address: C76868 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b ja 00007FC83CBF999Ah 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 jns 00007FC83CBF9996h 0x0000001c jmp 00007FC83CBF999Dh 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76868 second address: C76875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FC83CC615A8h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C769B5 second address: C769DB instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007FC83CBF99A6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76CDD second address: C76CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC83CC61596h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77149 second address: C7714D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77407 second address: C77422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC83CC6159Ah 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007FC83CC61596h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A878 second address: C7A89A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF999Bh 0x0000000b jmp 00007FC83CBF999Ah 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A89A second address: C7A8BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FC83CC615A9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A8BF second address: C7A8CB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC83CBF9996h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF488F second address: BF4893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF4893 second address: BF4899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF4899 second address: BF48CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CC615A3h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnl 00007FC83CC615A1h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF48CB second address: BF4910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC83CBF9996h 0x0000000a jmp 00007FC83CBF99A1h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FC83CBF99A7h 0x00000021 js 00007FC83CBF9996h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C822E8 second address: C822F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83CC61596h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42FD7 second address: C42FE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FC83CBF9996h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42FE2 second address: C4300E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov ecx, dword ptr [ebp+122D27A2h] 0x0000000e lea eax, dword ptr [ebp+12489D3Ch] 0x00000014 mov cx, bx 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007FC83CC615A2h 0x00000020 jmp 00007FC83CC6159Ch 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4300E second address: C2B7E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FC83CBF9996h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FC83CBF999Ch 0x00000014 nop 0x00000015 mov di, D5C7h 0x00000019 call dword ptr [ebp+122D2302h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC83CBF99A6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43450 second address: C43455 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43551 second address: C43556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43624 second address: C4362E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4376A second address: C4376E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4376E second address: C43799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a add di, E892h 0x0000000f nop 0x00000010 jmp 00007FC83CC615A6h 0x00000015 push eax 0x00000016 pushad 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43D94 second address: C43DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF99A3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43DAC second address: C43E25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC83CC6159Eh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 0000001Eh 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FC83CC61598h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a call 00007FC83CC615A9h 0x0000002f pushad 0x00000030 jng 00007FC83CC61596h 0x00000036 mov ebx, dword ptr [ebp+122D2479h] 0x0000003c popad 0x0000003d pop edx 0x0000003e nop 0x0000003f jo 00007FC83CC615ABh 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FC83CC6159Dh 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C440F8 second address: C44142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF99A4h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f jp 00007FC83CBF9996h 0x00000015 pop esi 0x00000016 pop edx 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b jg 00007FC83CBF99A4h 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 jng 00007FC83CBF999Ch 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44142 second address: C44146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4424E second address: C44254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44254 second address: C4426F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007FC83CC6159Ch 0x00000015 js 00007FC83CC61596h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C893F0 second address: C893F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C893F6 second address: C893FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C893FA second address: C89403 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C89403 second address: C89409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C89409 second address: C89411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8966B second address: C89684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FC83CC615A3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C89684 second address: C89688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C897A8 second address: C897AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06CA8 second address: C06CBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF99A0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E124 second address: C8E128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E128 second address: C8E130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E130 second address: C8E135 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F0CF second address: C8F0FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FC83CBF99A7h 0x0000000a popad 0x0000000b jnc 00007FC83CBF9998h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jo 00007FC83CBF99A6h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F547 second address: C8F54D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F54D second address: C8F559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F559 second address: C8F58D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007FC83CC6159Ch 0x00000010 jnc 00007FC83CC61596h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC83CC6159Eh 0x0000001e jmp 00007FC83CC6159Dh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F58D second address: C8F5B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF999Eh 0x00000008 jmp 00007FC83CBF999Bh 0x0000000d jno 00007FC83CBF9996h 0x00000013 popad 0x00000014 jo 00007FC83CBF99A7h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DE7D second address: C8DE82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B9E second address: C93BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93BA5 second address: C93BAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9643D second address: C96443 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96443 second address: C96450 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC83CC61596h 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C95FCA second address: C95FDA instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC83CBF99A2h 0x00000008 jbe 00007FC83CBF9996h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96152 second address: C96156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C89A second address: C9C8BE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b js 00007FC83CBF9996h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC83CBF99A0h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C8BE second address: C9C8DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC83CC615A8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C8DF second address: C9C8E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C8E5 second address: C9C8F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jns 00007FC83CC61596h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B590 second address: C9B594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B594 second address: C9B5B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FC83CC6159Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B860 second address: C9B87A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jne 00007FC83CBF9996h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FC83CBF99A2h 0x00000012 jo 00007FC83CBF9996h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B9A7 second address: C9B9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B9AD second address: C9B9CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FC83CBF9996h 0x0000000d jmp 00007FC83CBF99A2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B9CE second address: C9B9D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43CF1 second address: C43CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C608 second address: C9C615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C615 second address: C9C635 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FC83CBF999Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F84E second address: C9F86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FC83CC615A1h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F86E second address: C9F874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9EF96 second address: C9EF9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F109 second address: C9F115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F115 second address: C9F119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F571 second address: C9F577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F577 second address: C9F57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA36F3 second address: CA3701 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jno 00007FC83CBF9996h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3701 second address: CA370F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC83CC61596h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2978 second address: CA297C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA297C second address: CA298B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC83CC61596h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA298B second address: CA2991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2991 second address: CA29A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC83CC61596h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA29A2 second address: CA29A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2DCF second address: CA2DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2DD9 second address: CA2E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC83CBF99A9h 0x0000000a push edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop edi 0x0000000e popad 0x0000000f push edi 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2E00 second address: CA2E25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007FC83CC6159Fh 0x0000000d jne 00007FC83CC61596h 0x00000013 jl 00007FC83CC61596h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA30C4 second address: CA30C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA30C8 second address: CA30D1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA30D1 second address: CA30E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA32A6 second address: CA32AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA32AA second address: CA32B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA32B0 second address: CA32B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAB547 second address: CAB54F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA97B3 second address: CA97B9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA97B9 second address: CA97EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FC83CBF99A1h 0x0000000c jmp 00007FC83CBF99A9h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA999B second address: CA99A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9C28 second address: CA9C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9C32 second address: CA9C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9C3B second address: CA9C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAAB6 second address: CAAAEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CC6159Fh 0x00000008 jc 00007FC83CC61596h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC83CC615A5h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAD6C second address: CAAD7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83CBF9996h 0x0000000a pop esi 0x0000000b pop ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAD7D second address: CAAD9C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC83CC61596h 0x00000008 jmp 00007FC83CC6159Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 js 00007FC83CC61596h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB61CD second address: CB61D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB557F second address: CB5597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC83CC615A1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5597 second address: CB559B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB559B second address: CB55A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB55A1 second address: CB55A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB55A7 second address: CB55BA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC83CC6159Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB589F second address: CB58AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CBF999Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB58AF second address: CB58B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB58B3 second address: CB58D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB58D4 second address: CB58E4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB58E4 second address: CB58E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB58E8 second address: CB58FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC6159Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5BC4 second address: CB5BC9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5BC9 second address: CB5BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FC83CC615B6h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC83CC615A4h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5D75 second address: CB5D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jl 00007FC83CBF99A2h 0x0000000b jno 00007FC83CBF9996h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5D88 second address: CB5D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5D8F second address: CB5DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDE22 second address: CBDE55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC615A1h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC83CC615A6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDE55 second address: CBDE59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBF41 second address: CBBF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC3CE second address: CBC3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Eh 0x00000009 pushad 0x0000000a je 00007FC83CBF999Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC3EF second address: CBC3F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC52E second address: CBC539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC539 second address: CBC55D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A9h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC6C3 second address: CBC6CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pushad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC6CD second address: CBC6FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007FC83CC6159Dh 0x0000000d jmp 00007FC83CC615A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC82F second address: CBC833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCC9F second address: CBCCAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC83CC61596h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCE2D second address: CBCE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCE32 second address: CBCE39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCE39 second address: CBCE3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDC69 second address: CBDC7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CC6159Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDC7D second address: CBDC83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDC83 second address: CBDC87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBAA7 second address: CBBAF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF99A7h 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d jmp 00007FC83CBF99A8h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jbe 00007FC83CBF9996h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBAF0 second address: CBBAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBAF6 second address: CBBAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBAFA second address: CBBB00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBB00 second address: CBBB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5305 second address: CC530F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC83CC61596h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4E62 second address: CC4E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FC83CBF9996h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4E73 second address: CC4E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4E77 second address: CC4E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Bh 0x00000007 jnc 00007FC83CBF9996h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC777F second address: CC77B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC83CC615A5h 0x0000000b popad 0x0000000c jne 00007FC83CC6159Ch 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 jng 00007FC83CC61596h 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFA7 second address: CDCFAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFAD second address: CDCFB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFB1 second address: CDCFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007FC83CBF9996h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFCA second address: CDCFD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFD2 second address: CDCFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFD7 second address: CDCFEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CC6159Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFEA second address: CDD008 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FC83CBF99A5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CED9F0 second address: CED9F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEDB6C second address: CEDB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC83CBF9996h 0x0000000a jmp 00007FC83CBF99A7h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEDE6F second address: CEDE73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE124 second address: CEE13F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1AE4 second address: CF1B19 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83CC61596h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jmp 00007FC83CC6159Eh 0x00000015 pop edi 0x00000016 jmp 00007FC83CC615A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1B19 second address: CF1B1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF17BE second address: CF17C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCE6C second address: CFCE85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FC83CBF99A3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFBA23 second address: CFBA27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0C6E3 second address: D0C6EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0C6EF second address: D0C708 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC83CC615A3h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DC50 second address: D0DC54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DC54 second address: D0DC5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DC5A second address: D0DC6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF999Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DC6E second address: D0DC82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC83CC6159Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DC82 second address: D0DC86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1203A second address: D1203E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1203E second address: D12050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007FC83CBF9996h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D12050 second address: D12054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D121C5 second address: D121CF instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D121CF second address: D12212 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC83CC615A0h 0x00000008 jmp 00007FC83CC615A0h 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jmp 00007FC83CC615A8h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D12212 second address: D12217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28992 second address: D289B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A6h 0x00000007 jp 00007FC83CC6159Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28CCA second address: D28CD7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28CD7 second address: D28CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28E4D second address: D28E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FC83CBF999Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28E60 second address: D28E66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28E66 second address: D28E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294D9 second address: D294DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294DF second address: D294E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294E9 second address: D294ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2AF6E second address: D2AF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2AF7B second address: D2AF81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2AF81 second address: D2AF85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2AF85 second address: D2AF93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2C68E second address: D2C696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2C696 second address: D2C6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CC615A4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2C6B8 second address: D2C6DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FC83CBF9996h 0x0000000a jmp 00007FC83CBF99A9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2A1 second address: D2F2AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F307 second address: D2F31C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FC83CBF9996h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F31C second address: D2F3AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC83CC615A3h 0x0000000f pop eax 0x00000010 popad 0x00000011 nop 0x00000012 mov edx, dword ptr [ebp+122D2752h] 0x00000018 mov edx, dword ptr [ebp+122D2612h] 0x0000001e push 00000004h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007FC83CC61598h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000016h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a call 00007FC83CC61599h 0x0000003f pushad 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 pop edx 0x00000044 jmp 00007FC83CC615A1h 0x00000049 popad 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jnl 00007FC83CC615A5h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F3AB second address: D2F3B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F3B2 second address: D2F3ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jp 00007FC83CC6159Ch 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edi 0x0000001a jmp 00007FC83CC6159Eh 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FC83CC6159Ch 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F3ED second address: D2F3F2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F649 second address: D2F6A2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edx, dword ptr [ebp+122D1A64h] 0x00000014 push dword ptr [ebp+122D2236h] 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FC83CC61598h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov edx, dword ptr [ebp+122D230Eh] 0x0000003a call 00007FC83CC61599h 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FC83CC6159Dh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F6A2 second address: D2F6CE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC83CBF9998h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b js 00007FC83CBF99A1h 0x00000011 jmp 00007FC83CBF999Bh 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jng 00007FC83CBF99AEh 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F6CE second address: D2F6D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F6D2 second address: D2F705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jg 00007FC83CBF99A8h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30C5B second address: D30C7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C472FD second address: C47301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47301 second address: C47327 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CC615A8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C474F2 second address: C474F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A8C7C1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C3C36D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C6372E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A8C6D0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CCB8AA instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A8F450 rdtsc

0_2_00A8F450

Source: C:\Users\user\Desktop\file.exe TID: 3652	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3652	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1730970416.0000000001539000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0rX
Source: file.exe, 00000000.00000002.1730970416.0000000001578000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A8F450 rdtsc

0_2_00A8F450

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A6D770 LdrInitializeThunk,

0_2_00A6D770

Source: file.exe, file.exe, 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: SProgram Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	223 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://property-imper.sbs:443/apif	0%	Avira URL Cloud	safe
https://occupy-blushi.sbs/apiU=	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs:443/apiO	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/5	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs:443/apiO	10%	Virustotal		Browse
https://property-imper.sbs:443/apif	10%	Virustotal		Browse
https://occupy-blushi.sbs/5	12%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
occupy-blushi.sbs	104.21.7.169	true	false	high
property-imper.sbs	unknown	unknown	false	high
frogs-severz.sbs	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://occupy-blushi.sbs/api	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://property-imper.sbs:443/apif	file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp	false	10%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.micro	file.exe, 00000000.00000003.1728504464.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs:443/api	file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/	file.exe, 00000000.00000003.1728504464.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/5	file.exe, 00000000.00000003.1728504464.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C9000.00000004.00000020.00020000.00000000.sdmp	false	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://property-imper.sbs/api	file.exe, 00000000.00000002.1730970416.000000000156B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/apiU=	file.exe, 00000000.00000002.1730970416.000000000150E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://occupy-blushi.sbs:443/apiO	file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp	false	10%, Virustotal, Browse Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.7.169	occupy-blushi.sbs	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562846
Start date and time:	2024-11-26 06:45:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/0@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:46:04	API Interceptor	3x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.21.7.169	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
occupy-blushi.sbs	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Finish_Agreement_DocuSign.pdf	Get hash	malicious	Unknown	Browse	104.18.95.41
	http://www.btc1yby.blogspot.rs/	Get hash	malicious	GRQ Scam	Browse	172.67.12.83
	WOOYANG VENUS PARTICULARS.pdf.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	172.67.74.152
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	kkEzK284oT.exe	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	5QnwxSJVyX.doc	Get hash	malicious	Unknown	Browse	162.159.136.232
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	6wjCYfcM3a.exe	Get hash	malicious	LummaC	Browse	104.21.7.169
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948527957449278
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'895'424 bytes
MD5:	4e74078466a464a3e168f9a2c0a81a5d
SHA1:	7cec6570b1bc2688019354ddb0764c6fe606c10f
SHA256:	fa3ce4c12cf5e9a03a82dca680308e69d0d6ef4eda47b9cda5b04636a7ae7e30
SHA512:	afa4a29de9443403dd402de6a4fcfd9c94593417473d90944ca01ca09bba14e606d7d8fa336b5c356a41d613152698975acd21c7903540fbf19469b05454bb99
SSDEEP:	49152:+4Q86imKDJBgnB0YD9SJ9mnFoCN4ubbc2/D:g8xvgBRqZKP/D
TLSH:	A1953349C9ECBC6EEC199AB2D7B9760EF9952C6CB4CFCCBAE21441E107531E5710E184
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Eg.............................0K...........@..........................`K...........@.................................\...p..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8b3000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67450895 [Mon Nov 25 23:30:29 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FC83CB3365Ah
bswap edx
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FC83CB35655h
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5805c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x57000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x581f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x56000	0x25c00	3cc3e8a8e86a814e59d80438be19687e	False	0.9982408940397351	data	7.974913791834615	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x57000	0x2b0	0x200	05a5e7ec4fcce697abcc2a060dd57d1e	False	0.80078125	data	6.042082337106133	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x58000	0x1000	0x200	c92ced077364b300efd06b14c70a61dc	False	0.15625	data	1.1194718105633323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x59000	0x2b3000	0x200	8ad1d911e82c201b718bc143c87953a7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zvfjtapm	0x30c000	0x1a6000	0x1a5200	4e8d86ad11976eaf3737f93fe5dcff95	False	0.9943644024562185	data	7.954257082250238	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
oivbhgwd	0x4b2000	0x1000	0x600	0acf0830c8dcd252250ca56140816c21	False	0.5416666666666666	data	4.8664098063932615	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4b3000	0x3000	0x2200	09a88567d9dc546d5f50f1574be4b861	False	0.06192555147058824	DOS executable (COM)	0.7642999287227389	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4b0dd4	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-26T06:46:06.558382+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49730	104.21.7.169	443	TCP
2024-11-26T06:46:07.270993+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49730	104.21.7.169	443	TCP
2024-11-26T06:46:07.270993+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49730	104.21.7.169	443	TCP
2024-11-26T06:46:08.451513+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49731	104.21.7.169	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 06:46:05.334249020 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:05.334310055 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:05.334381104 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:05.338386059 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:05.338411093 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:06.558219910 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:06.558382034 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:06.562701941 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:06.562714100 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:06.562973976 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:06.603900909 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:06.609100103 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:06.609127998 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:06.609206915 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:07.271011114 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:07.271095037 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:07.271162987 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:07.272660017 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:07.272680998 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:07.272696018 CET	49730	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:07.272702932 CET	443	49730	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:07.318825960 CET	49731	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:07.318885088 CET	443	49731	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:07.318978071 CET	49731	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:07.319247961 CET	49731	443	192.168.2.4	104.21.7.169
Nov 26, 2024 06:46:07.319293022 CET	443	49731	104.21.7.169	192.168.2.4
Nov 26, 2024 06:46:08.451513052 CET	49731	443	192.168.2.4	104.21.7.169

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 06:46:04.474296093 CET	62868	53	192.168.2.4	1.1.1.1
Nov 26, 2024 06:46:04.744832993 CET	53	62868	1.1.1.1	192.168.2.4
Nov 26, 2024 06:46:04.750118017 CET	54505	53	192.168.2.4	1.1.1.1
Nov 26, 2024 06:46:04.992424965 CET	53	54505	1.1.1.1	192.168.2.4
Nov 26, 2024 06:46:04.995899916 CET	49925	53	192.168.2.4	1.1.1.1
Nov 26, 2024 06:46:05.327200890 CET	53	49925	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 06:46:04.474296093 CET	192.168.2.4	1.1.1.1	0x5838	Standard query (0)	property-imper.sbs	A (IP address)	IN (0x0001)	false
Nov 26, 2024 06:46:04.750118017 CET	192.168.2.4	1.1.1.1	0xa540	Standard query (0)	frogs-severz.sbs	A (IP address)	IN (0x0001)	false
Nov 26, 2024 06:46:04.995899916 CET	192.168.2.4	1.1.1.1	0xa278	Standard query (0)	occupy-blushi.sbs	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 06:46:04.744832993 CET	1.1.1.1	192.168.2.4	0x5838	Name error (3)	property-imper.sbs	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 06:46:04.992424965 CET	1.1.1.1	192.168.2.4	0xa540	Name error (3)	frogs-severz.sbs	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 06:46:05.327200890 CET	1.1.1.1	192.168.2.4	0xa278	No error (0)	occupy-blushi.sbs		104.21.7.169	A (IP address)	IN (0x0001)	false
Nov 26, 2024 06:46:05.327200890 CET	1.1.1.1	192.168.2.4	0xa278	No error (0)	occupy-blushi.sbs		172.67.187.240	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

occupy-blushi.sbs

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.21.7.169	443	7148	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 05:46:06 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: occupy-blushi.sbs
2024-11-26 05:46:06 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-26 05:46:07 UTC	1021	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 05:46:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=a94f22l45junsfbg4n44vehl68; expires=Fri, 21-Mar-2025 23:32:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQM8eruGVUIua7dN%2Bvxuf3WstanR6kVTWhVo6faupx3TpSc%2F8EPAVwfQg9F1kNXr7wXngi6J%2FRP90GNUXRBJCgzBKYWBZyvNc2A4V62PKRAP%2BQ%2FFA%2BtykMHlTMQpBHEnPKQE9g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e879380a8b54394-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2165&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=908&delivery_rate=1385199&cwnd=168&unsent_bytes=0&cid=82b2b4c22ef8997f&ts=725&x=0"
2024-11-26 05:46:07 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-26 05:46:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	00:46:03
Start date:	26/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa30000
File size:	1'895'424 bytes
MD5 hash:	4E74078466A464A3E168F9A2C0A81A5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	52.4%
Total number of Nodes:	63
Total number of Limit Nodes:	3

Executed Functions

Function 00A68440 Relevance: 16.5, APIs: 5, Strings: 4, Instructions: 702
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(519F4F9E), ref: 00A685B6
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00A685FD

Strings

9?, xrefs: 00A686E4
\, xrefs: 00A684EA
C, xrefs: 00A684DF
`c, xrefs: 00A68569

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: AllocBlanketProxyString
String ID: 9?$C$\$`c
API String ID: 900851650-1894639765
Opcode ID: a56ac182fefa9159eb7612bb7b1067de8c02fe476eb0bc990489e0adba6df800
Instruction ID: c823a63edd168caeaf165a0c07037de6faae0692b2d3fb21f1d7c37d070422f0
Opcode Fuzzy Hash: a56ac182fefa9159eb7612bb7b1067de8c02fe476eb0bc990489e0adba6df800
Instruction Fuzzy Hash: 08224372A083019FD724CF24C845B6BBBE9EF95354F188A2CF4959B2D1DB78D905CB82

Function 00A3C110 Relevance: 7.9, Strings: 6, Instructions: 438
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:#., xrefs: 00A3C5B8
HI, xrefs: 00A3C2E8
`, xrefs: 00A3C135
jYic, xrefs: 00A3C147
xYic, xrefs: 00A3C194
N, xrefs: 00A3C587

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: :#.$HI$N$`$jYic$xYic
API String ID: 0-1648544832
Opcode ID: ba9c046fa3f6e7197fe8ca5e2141916f5aecc0ad1e6c26e490c039a065c25283
Instruction ID: 81d55ade33b66bd1f23de55d38a72ada329ca510cf9c00b27bf8384ebbdb2ed1
Opcode Fuzzy Hash: ba9c046fa3f6e7197fe8ca5e2141916f5aecc0ad1e6c26e490c039a065c25283
Instruction Fuzzy Hash: B8D16B7260D3908FD324CF25985126BBBE2ABC1724F1CD92DE8D66B345DB758C098B82

Function 00A39FC0 Relevance: 1.6, APIs: 1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00A3A132

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 17a05425dbb023c7cddd4af3842b921186470432c4fcd1bb9827c1468fa89f69
Instruction ID: dce0200e04b8d6fa1a4a328d1a29e93ac527d9477f4e55464419ff350a52d73a
Opcode Fuzzy Hash: 17a05425dbb023c7cddd4af3842b921186470432c4fcd1bb9827c1468fa89f69
Instruction Fuzzy Hash: BE314933B4122517D72CB5B88D9A76BA1878BC4710F0E5638BEC8AF3D6FDA85C0942D5

Function 00A3E2DB Relevance: 1.5, Strings: 1, Instructions: 293
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+, xrefs: 00A3E40E

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-3030878397
Opcode ID: 30e719f3ad2b115f89c60c5e3bd2a7ddb387d07fd9ae6dceb93fd06b6db48eda
Instruction ID: 82d9b6299d46fabd21edf9bbb2a5a82212da0530d6de4255c3c33bd43ce52c08
Opcode Fuzzy Hash: 30e719f3ad2b115f89c60c5e3bd2a7ddb387d07fd9ae6dceb93fd06b6db48eda
Instruction Fuzzy Hash: 7091ACB19483D18AE335CF25D8917DBBBE1EB96314F08C96CD4C95B292DB75080ACB92

Function 00A6D770 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00A6FDAB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00A6D79E

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00A6DF42 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

MJKH, xrefs: 00A6DFA4

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: MJKH
API String ID: 0-1589446790
Opcode ID: a63c0405934da612d6b28290121524faf69a8e72ef821fa3a12d2fb76f7b2d81
Instruction ID: 2460bcdce10dab8aeabac13f9db8f7c5ec8d6d2040be61dd8e9f082fb4d71184
Opcode Fuzzy Hash: a63c0405934da612d6b28290121524faf69a8e72ef821fa3a12d2fb76f7b2d81
Instruction Fuzzy Hash: 5911E334645201ABE308DF19CC50B6AB7F3EBE5710F19C92CE0559F2E5CB759882CB46

Function 00A3B95B Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8784f653f41167258349969240eb51fa227695b6291a7656b3f5540b6332a251
Instruction ID: 83dabc928c5c7ee06c686d167f7d563a96344421acbf6efc6b64ca93e7980bb1
Opcode Fuzzy Hash: 8784f653f41167258349969240eb51fa227695b6291a7656b3f5540b6332a251
Instruction Fuzzy Hash: 5651E1B0E103059FD304EF68CD8AB6ABF71AB45314F0582ADD0902F392D774880ACBE6

Function 00A6AE30 Relevance: 1.5, APIs: 1, Instructions: 43
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?), ref: 00A6AEA8

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 13f898d454da9c4f78e2ba88be08d79473ee542976af44142a0fd33670c05256
Instruction ID: e3c9f13aa40433031145842eab6714a166fc530f8cd9200888c5a00386436312
Opcode Fuzzy Hash: 13f898d454da9c4f78e2ba88be08d79473ee542976af44142a0fd33670c05256
Instruction Fuzzy Hash: 46F02832E042A097F314DB25EC10B6A7FA6AFC5301F16C53CD8995B695CA354822CBD2

Function 00A3E29E Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00A3E2B0

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 843c95eceefdda91c8191917be7815617719e7c849d0f86a691285520714f5d3
Instruction ID: d09d4ecde35e4ed8d391543efe2c4ccd31f872e3fb1e602ad5abdf69a4f191d5
Opcode Fuzzy Hash: 843c95eceefdda91c8191917be7815617719e7c849d0f86a691285520714f5d3
Instruction Fuzzy Hash: FBE01C32BE534063F6288628DC03F0822021391F20F388218B314AE3C8C9E9A5028528

Function 00A3E260 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00A3E274

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 87202ac8ec991f4c516297b22f2f6ffeb121b0153a6e02310d4f2e361f35ea94
Instruction ID: bb3be472cccacb551c514a87781a12f9d14f1730d11d836168957f48ba563084
Opcode Fuzzy Hash: 87202ac8ec991f4c516297b22f2f6ffeb121b0153a6e02310d4f2e361f35ea94
Instruction Fuzzy Hash: 32E02B63BD0D4433E718A668DC07F46311BC3C2724F08C3266654CA7C9EE2CA84BC071

Function 00A3BB6C Relevance: 1.5, APIs: 1, Instructions: 16
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00A3BB87

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 9321721f146b42b631ccd8e7e0dc2d1806da96b29f3ef8a85b791d11cd3f2783
Instruction ID: ca0554c243919878a48a2efd1c00501dd35284367d9ffadda80a86f62c12fbb4
Opcode Fuzzy Hash: 9321721f146b42b631ccd8e7e0dc2d1806da96b29f3ef8a85b791d11cd3f2783
Instruction Fuzzy Hash: CDD0A7B6E40281ABDB04EBF0FC2696C3729DB49305B049038E507E21F2EA20C5618E50

Function 00A6AE17 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00A6AE1C

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4f2c91f42afa2817c41f2a90fc30540a5416e3b9faf3ab634e7ca46e74f8d6f3
Instruction ID: ac2aade19606c2a8a4d70ca3219d92c67f73700ba8b928052d1d3a2e0277897a
Opcode Fuzzy Hash: 4f2c91f42afa2817c41f2a90fc30540a5416e3b9faf3ab634e7ca46e74f8d6f3
Instruction Fuzzy Hash: 84B0923AB404099ADE115FA4FC057C8B720EB8426AF2000A6E62C990A1827255279B80

Function 00A8DC67 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00A8DCC8

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fda253beee211f4f54880e675146d530f1111d62ba8639ec956ac538d749bdbc
Instruction ID: ae7d38a5cd2a321cc758e94855cdf8e54ebb71322ceba1b274eaaa6e37e408cf
Opcode Fuzzy Hash: fda253beee211f4f54880e675146d530f1111d62ba8639ec956ac538d749bdbc
Instruction Fuzzy Hash: B2F082B352C6098FDB84AF78D81527E3BA0FF14211F25092DE4A2C6A90D6B5C810CB5A

Function 00A3EC00 Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 00A3EC00

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: ac7d9707d2b3d3653e956360051759b16860b645fd4706c4772b9f7bb00ceccd
Instruction ID: 7d6e026d51b3eec52d98fe1123961f4f3d8048845592b2dd0ff9a2425c85f475
Opcode Fuzzy Hash: ac7d9707d2b3d3653e956360051759b16860b645fd4706c4772b9f7bb00ceccd
Instruction Fuzzy Hash: CFB01237B41008484B0010A478000CDF324D28103970017B3C318D2400D62251248184

Non-executed Functions

Function 00A666BA Relevance: 90.4, Strings: 72, Instructions: 393COMMON

Download Yara Rule

Strings

Q, xrefs: 00A667BB
o, xrefs: 00A66952
y, xrefs: 00A668D3
K, xrefs: 00A66871
4, xrefs: 00A66752
J, xrefs: 00A66C34
@, xrefs: 00A66912
p, xrefs: 00A667C2
4, xrefs: 00A66C17
O, xrefs: 00A6688D
#, xrefs: 00A66728
m, xrefs: 00A6694A
0, xrefs: 00A6676E
w, xrefs: 00A668C5
M, xrefs: 00A66C3B
, xrefs: 00A6699E
?, xrefs: 00A66B29
9, xrefs: 00A66B11
5, xrefs: 00A669EA
t, xrefs: 00A667DE
_, xrefs: 00A66736
}, xrefs: 00A668EF
;, xrefs: 00A66B19
2, xrefs: 00A669E6
{, xrefs: 00A668E1
A, xrefs: 00A6682B
], xrefs: 00A6680F
s, xrefs: 00A668A9
%, xrefs: 00A66B01
', xrefs: 00A66B09
F, xrefs: 00A66936
H, xrefs: 00A666C6
8, xrefs: 00A66798
G, xrefs: 00A66855
!, xrefs: 00A6670C
T, xrefs: 00A668BE
_, xrefs: 00A6681D
`, xrefs: 00A6686A
6, xrefs: 00A66976
u, xrefs: 00A668B7
E, xrefs: 00A66847
w, xrefs: 00A66AED
7, xrefs: 00A6677C
P, xrefs: 00A66744
3, xrefs: 00A669E2
1, xrefs: 00A669DA
q, xrefs: 00A6689B
k, xrefs: 00A66942
W, xrefs: 00A667E5
=, xrefs: 00A66B21
L, xrefs: 00A6685C
i, xrefs: 00A6693A
), xrefs: 00A666F0
>, xrefs: 00A66B25
Y, xrefs: 00A667F3
C, xrefs: 00A66839
M, xrefs: 00A6687F
I, xrefs: 00A66863
%, xrefs: 00A666FE
e, xrefs: 00A66927
S, xrefs: 00A667C9
!, xrefs: 00A66AF1
g, xrefs: 00A66932
[, xrefs: 00A66801
U, xrefs: 00A667D7
L, xrefs: 00A66C42
c, xrefs: 00A66919
a, xrefs: 00A6690B
;, xrefs: 00A667A6
#, xrefs: 00A66AF9
K, xrefs: 00A66C2D
@, xrefs: 00A667B4

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: $!$!$#$#$%$%$'$)$0$1$2$3$4$4$5$6$7$8$9$;$;$=$>$?$@$@$A$C$E$F$G$H$I$J$K$K$L$L$M$M$O$P$Q$S$T$U$W$Y$[$]$_$_$`$a$c$e$g$i$k$m$o$p$q$s$t$u$w$w$y${$}
API String ID: 0-910493393
Opcode ID: 63f69206245c12e20d8ef5142274524e534dfefc4af9b8dfc7b8484ac459418d
Instruction ID: ae5a198fab99f873295debc5919319d52725cebd50d22ac7a83936ec2922dab6
Opcode Fuzzy Hash: 63f69206245c12e20d8ef5142274524e534dfefc4af9b8dfc7b8484ac459418d
Instruction Fuzzy Hash: 58223021D087E989DB22C67C8C487CDBFB15B62324F1843D9D5E86B3D2C7B50A85CB62

Function 00A67154 Relevance: 37.8, Strings: 30, Instructions: 345COMMON

Download Yara Rule

Strings

2, xrefs: 00A6716E
%, xrefs: 00A67216
M, xrefs: 00A672DA
?, xrefs: 00A6717C
[, xrefs: 00A6724E
d, xrefs: 00A6725C
<, xrefs: 00A6742A
1, xrefs: 00A671B4
M, xrefs: 00A675CA
^, xrefs: 00A67240
L, xrefs: 00A675D1
., xrefs: 00A671D0
s, xrefs: 00A6745C
M, xrefs: 00A672B0
0, xrefs: 00A675A6
t, xrefs: 00A672BE
>, xrefs: 00A67433
k, xrefs: 00A67484
P, xrefs: 00A67294
i, xrefs: 00A67278
q, xrefs: 00A67474
o, xrefs: 00A67454
K, xrefs: 00A675BC
i, xrefs: 00A67286
, xrefs: 00A67160
J, xrefs: 00A675C3
H, xrefs: 00A672E8
t, xrefs: 00A672CC
?, xrefs: 00A671A6
N, xrefs: 00A672A2

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: $%$.$0$1$2$<$>$?$?$H$J$K$L$M$M$M$N$P$[$^$d$i$i$k$o$q$s$t$t
API String ID: 0-821740661
Opcode ID: 50e7b6145bcba8683bf592a19d7e1f216285de2c36b81c69a2b437a9433d553c
Instruction ID: 4c343a92905789b58c1e87149bd499fb6ed8a22fee6382df715b7586df16e233
Opcode Fuzzy Hash: 50e7b6145bcba8683bf592a19d7e1f216285de2c36b81c69a2b437a9433d553c
Instruction Fuzzy Hash: E5F1B231D086E98ADB36C63C8C183DDBEB25B56324F0943E9D4A96B3C2C7754E86CB51

Function 00A680A0 Relevance: 20.3, Strings: 16, Instructions: 284COMMON

Download Yara Rule

Strings

L, xrefs: 00A680AF
J, xrefs: 00A68110
J, xrefs: 00A6835C
G, xrefs: 00A680B4
F, xrefs: 00A680B9
M, xrefs: 00A68361
L, xrefs: 00A68229
M, xrefs: 00A68115
J, xrefs: 00A6821F
K, xrefs: 00A68357
L, xrefs: 00A6811A
M, xrefs: 00A68224
K, xrefs: 00A6810B
A, xrefs: 00A680BE
K, xrefs: 00A6821A
L, xrefs: 00A68366

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: A$F$G$J$J$J$K$K$K$L$L$L$L$M$M$M
API String ID: 2994545307-531100779
Opcode ID: 601ee5175373872cf84ff2a8f9a1bbbd05356b56145cc3bddcdc777c63a024f1
Instruction ID: 23605da3082b21880ab09c736dd96d8cad81a36e81155d3174f4f8ff399baa54
Opcode Fuzzy Hash: 601ee5175373872cf84ff2a8f9a1bbbd05356b56145cc3bddcdc777c63a024f1
Instruction Fuzzy Hash: E1B1C2B160C7808BD3199B38C45436ABBF6ABD2314F188A6DE2D58B392DA7DC845C747

Function 00A4B0C3 Relevance: 11.4, Strings: 9, Instructions: 149COMMON

Download Yara Rule

Strings

*3Ag, xrefs: 00A4B20F
&?7+, xrefs: 00A4B1F7
{gwp, xrefs: 00A4B298, 00A4B29C
{#kg, xrefs: 00A4B250
}7}~, xrefs: 00A4B21F
h^qp, xrefs: 00A4B227
&, xrefs: 00A4B23E
dbj-, xrefs: 00A4B207
KHGP, xrefs: 00A4B22F

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: &$&?7+$*3Ag$KHGP$dbj-$h^qp${#kg${gwp$}7}~
API String ID: 0-709692892
Opcode ID: 246a380012f8cc5fa574db3dda7a43308df5ae92cad447b58ee84e0eb107aac7
Instruction ID: 5adfa3ad21b478dadde203a98662e3505d4e6a2254cde8afd6fd7646f31e313c
Opcode Fuzzy Hash: 246a380012f8cc5fa574db3dda7a43308df5ae92cad447b58ee84e0eb107aac7
Instruction Fuzzy Hash: 1B41017561C3809FD704CF28D8A47ABBBE1AFD2304F44995CF0C19B291C7B5890ACB92

Function 00C055FF Relevance: 10.4, Strings: 7, Instructions: 1659COMMON

Download Yara Rule

Strings

XIi, xrefs: 00C06356
al+_, xrefs: 00C05CE6
jd'i, xrefs: 00C060BF
_>?, xrefs: 00C0619F
c3]>, xrefs: 00C05F94
,>Z, xrefs: 00C0696A
4>~, xrefs: 00C06054

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: ,>Z$4>~$XIi$_>?$al+_$c3]>$jd'i
API String ID: 0-3308612115
Opcode ID: 5adf2a5231e7f4a1a34e7537e6a54c3e6e8553da7abcc66b6440e61e8fe81cf0
Instruction ID: 5c93f6dc6b6f63fb058097a771d3d77d8bc5da6430b12a6ec0b8cd56f85ef339
Opcode Fuzzy Hash: 5adf2a5231e7f4a1a34e7537e6a54c3e6e8553da7abcc66b6440e61e8fe81cf0
Instruction Fuzzy Hash: BBB228F350C204AFE314AE2DEC8567AFBE9EF94720F1A493DE6C4C7744EA3558018696

Function 00C021E0 Relevance: 10.4, Strings: 7, Instructions: 1632COMMON

Download Yara Rule

Strings

GKgf, xrefs: 00C02F85
6cR, xrefs: 00C034CF
S+?O, xrefs: 00C02CB0
pFM@, xrefs: 00C02DB7
aVc^, xrefs: 00C03459
#!^w, xrefs: 00C02E29
jo{o, xrefs: 00C02B7B

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: #!^w$6cR$GKgf$S+?O$aVc^$jo{o$pFM@
API String ID: 0-2717878559
Opcode ID: a392124c177286f3365efa9ce909900790a2ca6f8a269da05b63004c8aa374da
Instruction ID: d57ca02011a6fa0967b65c50abacb46c42a3166f944834f69b9d11bdd0417363
Opcode Fuzzy Hash: a392124c177286f3365efa9ce909900790a2ca6f8a269da05b63004c8aa374da
Instruction Fuzzy Hash: 9DB228F3A0C2049FE3046E2DEC8567ABBD9EFD4720F1A463DEAC4C3744EA7558058696

Function 00A55140 Relevance: 9.2, Strings: 7, Instructions: 463COMMON

Download Yara Rule

Strings

L!P#, xrefs: 00A55333, 00A5533D
!Y)[, xrefs: 00A551B7
5M0O, xrefs: 00A551DF
(],_, xrefs: 00A551BF
9Q>S, xrefs: 00A551C7
a%a', xrefs: 00A551AF
7E9G, xrefs: 00A551EF

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: !Y)[$(],_$5M0O$7E9G$9Q>S$L!P#$a%a'
API String ID: 0-2485343756
Opcode ID: 05d017ff122933c90526df4c7944e2e35fea3cdbbaa4892d284e1ec7a3df5cc7
Instruction ID: 5cbd586f3a9e3bd1e4b15fe11d18359fff27f0be33c555f8b286709ed2743636
Opcode Fuzzy Hash: 05d017ff122933c90526df4c7944e2e35fea3cdbbaa4892d284e1ec7a3df5cc7
Instruction Fuzzy Hash: A1F1F1B1908340DFE324CF64DD9172FBBB1FB95301F55892CE98A9B251D7349846CB92

Function 00C0C3AD Relevance: 9.0, Strings: 6, Instructions: 1534COMMON

Download Yara Rule

Strings

L,p, xrefs: 00C0CF4A
FiV!, xrefs: 00C0CAE6
5x}, xrefs: 00C0D100
BbO{, xrefs: 00C0CA0D
vs?, xrefs: 00C0C61E
$y?, xrefs: 00C0CE73

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: L,p$$y?$5x}$BbO{$FiV!$vs?
API String ID: 0-3194367578
Opcode ID: 89a264b7267aa37d12a1a036300b66a45f893f43f394c993e75fa6ecc63de9af
Instruction ID: 0a7987ef8c4e8f506c97a8f1eff30f4ffcebe4b1afab1112c40b9528adabdb86
Opcode Fuzzy Hash: 89a264b7267aa37d12a1a036300b66a45f893f43f394c993e75fa6ecc63de9af
Instruction Fuzzy Hash: 42A2E3F3A0C2009FE7046E2DEC8567ABBE5EB94320F1A4A3DEAC5C3744E63558158797

Function 00A4742C Relevance: 8.5, Strings: 6, Instructions: 1044COMMON

Download Yara Rule

Strings

M\, xrefs: 00A47961
&], xrefs: 00A47971
,, xrefs: 00A47438
ONI, xrefs: 00A47EE0
`kj), xrefs: 00A476F6
O], xrefs: 00A47969

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: &]$,$M\$O]$`kj)$ONI
API String ID: 0-1839178775
Opcode ID: 15953047dea6dbcc6c76c2f95fc8cfd9cfb708033b6f7adb0d8284a2cb674135
Instruction ID: 2d160325584dfb440ab09b570aa0f341ada6507d8595dda9491a99557c964fc0
Opcode Fuzzy Hash: 15953047dea6dbcc6c76c2f95fc8cfd9cfb708033b6f7adb0d8284a2cb674135
Instruction Fuzzy Hash: 6882DF756083818FD724CF28C89176FBBE2EFD5310F18896DE4C98B291EB799805CB52

Function 00B0B3D6 Relevance: 8.1, Strings: 6, Instructions: 615COMMON

Download Yara Rule

Strings

`, xrefs: 00B0B571
x, xrefs: 00B0BB16
!, xrefs: 00B0BAD6
}, xrefs: 00B0B7D5
@, xrefs: 00B0B9A9
g, xrefs: 00B0BA33

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: !$@$`$g$x$}
API String ID: 0-1610244292
Opcode ID: acba206c373baa69f7ab103487ce0579eb86d9e9abd3b8a163a178c8494641a7
Instruction ID: 7e881704df3c8a7430f019240a85b512bc09fab032a51a5b3f5de1a618daf5e2
Opcode Fuzzy Hash: acba206c373baa69f7ab103487ce0579eb86d9e9abd3b8a163a178c8494641a7
Instruction Fuzzy Hash: 2E2238E3F616144BF7544439CD593A21983D7E1325F2FC2B88A58ABBC9DDBE8C4A4384

Function 00B0B49F Relevance: 8.0, Strings: 6, Instructions: 464COMMON

Download Yara Rule

Strings

`, xrefs: 00B0B571
x, xrefs: 00B0BB16
!, xrefs: 00B0BAD6
}, xrefs: 00B0B7D5
@, xrefs: 00B0B9A9
g, xrefs: 00B0BA33

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: !$@$`$g$x$}
API String ID: 0-1610244292
Opcode ID: 763a39c8f50b3ead6f751f9e04c1a0d82b818d7bf4466926e90bd6b0ea89bc61
Instruction ID: e656ca9000c72466bf5e155c06bc94199445447ae4fe05b72428d4db683d0c26
Opcode Fuzzy Hash: 763a39c8f50b3ead6f751f9e04c1a0d82b818d7bf4466926e90bd6b0ea89bc61
Instruction Fuzzy Hash: 8FF148F3F615140AF7A44439CD193A21983D7E1325F2FC2B48A58ABBC9DDBE8D4A4385

Function 00C00799 Relevance: 7.8, Strings: 5, Instructions: 1595COMMON

Download Yara Rule

Strings

Q>iW, xrefs: 00C00844
#}/K, xrefs: 00C01A31
gFw?, xrefs: 00C0087F
D)?y, xrefs: 00C012E3
!)v, xrefs: 00C00D56

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: !)v$#}/K$D)?y$Q>iW$gFw?
API String ID: 0-3259224875
Opcode ID: 5f959a3c8428c3423413507523c93229c499aab40ef43b9463e5c43bbfd32d79
Instruction ID: dd836859f5a1eb7b38dc9bb2d05c57eacd408a7d669506a3d1b54792f4e2e154
Opcode Fuzzy Hash: 5f959a3c8428c3423413507523c93229c499aab40ef43b9463e5c43bbfd32d79
Instruction Fuzzy Hash: ABB219F36082049FE3046E2DEC8567AFBE9EF94720F1A453DEAC5C3744EA3558058697

Function 00A3B46C Relevance: 7.6, Strings: 6, Instructions: 65COMMON

Download Yara Rule

Strings

\S, xrefs: 00A3B4C9
]%V', xrefs: 00A3B532
MW, xrefs: 00A3B4BB
S!S#, xrefs: 00A3B52B
JO, xrefs: 00A3B4C2
X)*+, xrefs: 00A3B539

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: JO$MW$S!S#$X)*+$\S$]%V'
API String ID: 0-2958006418
Opcode ID: 8299e4a67ff1c622de4e36f15bb82f7210487a37c5cf21e5d9dadaab32978258
Instruction ID: 828e51866a01f22a46c1facb76e97de6f17ae30483cddbfc69ad4d1f7bd2bf4b
Opcode Fuzzy Hash: 8299e4a67ff1c622de4e36f15bb82f7210487a37c5cf21e5d9dadaab32978258
Instruction Fuzzy Hash: 2C3151B59053809FDF58DF14E9E025A3FB0EB06340F64A588D8996F30AE374C982CF81

Function 00BFD19F Relevance: 6.6, Strings: 4, Instructions: 1616COMMON

Download Yara Rule

Strings

UJJ}, xrefs: 00BFD71A
_;GU, xrefs: 00BFDDA6
L=sj, xrefs: 00BFD566
jGk, xrefs: 00BFD3C4

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: L=sj$UJJ}$_;GU$jGk
API String ID: 0-3092673410
Opcode ID: ff7334b3320ae1f54cc77e8e0532494a09e0115f00ce7b6065225553f43f6144
Instruction ID: 942316e04f287fcf47eb6c620dbd00c866653265baaed6fdf0d5293ff752d309
Opcode Fuzzy Hash: ff7334b3320ae1f54cc77e8e0532494a09e0115f00ce7b6065225553f43f6144
Instruction Fuzzy Hash: 74B219F39082149FE3046E2DEC8567ABBE5EF94720F1A493DEAC4C3744EA3598058797

Function 00A49113 Relevance: 6.4, Strings: 5, Instructions: 147COMMON

Download Yara Rule

Strings

JPJY, xrefs: 00A491FB
rhrQ, xrefs: 00A491E5
ujG|, xrefs: 00A49244
KKwD, xrefs: 00A49206
OX, xrefs: 00A49211

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: JPJY$KKwD$OX$rhrQ$ujG|
API String ID: 2994545307-3098847683
Opcode ID: 1cc5375781138f6405b18d7146100c4b68ebd84783b0aa4213df6d6791006036
Instruction ID: 78ac5328bf81994a622e6eadd6e4cb1492edb22d616b20ff11083f12c324955b
Opcode Fuzzy Hash: 1cc5375781138f6405b18d7146100c4b68ebd84783b0aa4213df6d6791006036
Instruction Fuzzy Hash: 4D412C769083918BD335CF19C8817AFB7E2EFD4304F19CA3DD48E57252DA7558468782

Function 00BF8590 Relevance: 6.3, Strings: 4, Instructions: 1332COMMON

Download Yara Rule

Strings

ge7~, xrefs: 00BF9029
bov, xrefs: 00BF8BA3
Qzuv, xrefs: 00BF87CC
5??, xrefs: 00BF8D8A

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 5??$Qzuv$ge7~$bov
API String ID: 0-3773360397
Opcode ID: a166d75f0c6ca508c47a56ebeb085754b889155ebf7162fc98625d167533cef6
Instruction ID: e0cf0f69972da830758078b823342a272070017ad65554004b2447066fc8417d
Opcode Fuzzy Hash: a166d75f0c6ca508c47a56ebeb085754b889155ebf7162fc98625d167533cef6
Instruction Fuzzy Hash: 2792E2F260C204AFE304AE29EC8577ABBE5EF94720F16493DE6C5C3744EA3598418797

Function 00A3C680 Relevance: 5.5, Strings: 4, Instructions: 530COMMON

Download Yara Rule

Strings

{}, xrefs: 00A3C786
O;, xrefs: 00A3C8E8
+<, xrefs: 00A3C8FC
?=, xrefs: 00A3C8F2

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: +<$?=$O;${}
API String ID: 0-4220621769
Opcode ID: 77fb66b3fa08ba2e3b06366e0a3271e8ee957edd7ed5a4f7cd474dc3e5e4904f
Instruction ID: ac03ba50f80b5638ab15b06347fb473bb24c01fb48e02a4991a786f82358d6de
Opcode Fuzzy Hash: 77fb66b3fa08ba2e3b06366e0a3271e8ee957edd7ed5a4f7cd474dc3e5e4904f
Instruction Fuzzy Hash: AA1257B1604B01CFD324CFB5DD9179BBBF6BB85314F04892CE5AA8B6A0C7B5A4468F40

Function 00A42422 Relevance: 5.4, Strings: 4, Instructions: 359COMMON

Download Yara Rule

Strings

j, xrefs: 00A4274B
J, xrefs: 00A424C2
6, xrefs: 00A42606
9, xrefs: 00A42435

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 6$9$J$j
API String ID: 0-1744931678
Opcode ID: e281089ab5e1887f20290f7d6eab686122627fa899e8f24cea3e7be08cc888c2
Instruction ID: 78520742bc16c2d812c223b58b70561528edac9c4f2000d1ad1ba81a2f1aa999
Opcode Fuzzy Hash: e281089ab5e1887f20290f7d6eab686122627fa899e8f24cea3e7be08cc888c2
Instruction Fuzzy Hash: DFD1F179A0C7908BD724AB38C5943AEBBE1ABD5320F594A3DF4E9C7382D63489418743

Function 00A5B455 Relevance: 5.3, Strings: 4, Instructions: 320COMMON

Download Yara Rule

Strings

zt-|, xrefs: 00A5CB5D
$8r9, xrefs: 00A5CAF9
ft-|, xrefs: 00A5CB21
nLv(, xrefs: 00A5CAEF

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: $8r9$ft-|$nLv($zt-|
API String ID: 0-1094081626
Opcode ID: 3e55c6aa73ac46397c80e64604de08ec20c39642e760ace2be1703b5faf1c334
Instruction ID: fa64baead122fcef2cab55433c8c9c6419c770427558d62e755b2b008520598d
Opcode Fuzzy Hash: 3e55c6aa73ac46397c80e64604de08ec20c39642e760ace2be1703b5faf1c334
Instruction Fuzzy Hash: 05B12971604B818FD725CF39C4507A3BBE2AF92315F18896DC4EB8B786DB79A409CB11

Function 00A69397 Relevance: 4.2, Strings: 3, Instructions: 435COMMON

Download Yara Rule

Strings

., xrefs: 00A6946E
~9R7, xrefs: 00A69735
45, xrefs: 00A696E0

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: .$45$~9R7
API String ID: 0-2109091009
Opcode ID: 4fbb146792b6fcbd9799c11f84c539cedb386afb1f1dc9226ddd2356303be322
Instruction ID: 3f86d2424a305a31d414431d848a3ba2cf94a7f776c6f7428101badcf38cd385
Opcode Fuzzy Hash: 4fbb146792b6fcbd9799c11f84c539cedb386afb1f1dc9226ddd2356303be322
Instruction Fuzzy Hash: A4D1CC35628356CBC718AF38EC112ABB3F5FF4A751F09C869C4898B2A0E779C591C712

Function 00A3F1F6 Relevance: 4.1, Strings: 3, Instructions: 363COMMON

Download Yara Rule

Strings

G!y, xrefs: 00A3F5A7
r, xrefs: 00A3F220
(/"), xrefs: 00A3F326

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: G!y$(/")$r
API String ID: 0-1446049748
Opcode ID: fa248376d74c67dfcfa6d6efd230d8f8537c7824a92ac3671c71d853eadca285
Instruction ID: 1ad6a09723d0d73a05894ae7e7aec280d74480375326e05505565166f5f9cb4e
Opcode Fuzzy Hash: fa248376d74c67dfcfa6d6efd230d8f8537c7824a92ac3671c71d853eadca285
Instruction Fuzzy Hash: 31C1E37261C3C18FD335CF25C4917EBBBE1ABE6304F18896DE4D98B252D77484068B92

Function 00A495B0 Relevance: 3.8, Strings: 2, Instructions: 1284COMMON

Download Yara Rule

Strings

W9W;, xrefs: 00A499C4
$%, xrefs: 00A499CC

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: $%$W9W;
API String ID: 2994545307-4230943747
Opcode ID: a4365b92fddedfbe829859d41d389db7d9931241de7567dea3d3e06f6a29f5e5
Instruction ID: 7707a692edf48fc1a278a43bab6c30d802ec5825d785959329cdb37664582e47
Opcode Fuzzy Hash: a4365b92fddedfbe829859d41d389db7d9931241de7567dea3d3e06f6a29f5e5
Instruction Fuzzy Hash: 8892E0756083409FE724CF64C885B6BBBF2EBD5304F68C92CE4899B252D776D842CB52

Function 00A4C5A0 Relevance: 2.9, Strings: 2, Instructions: 403COMMON

Download Yara Rule

Strings

x+f), xrefs: 00A4C6B0
P7}5, xrefs: 00A4C63D

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: P7}5$x+f)
API String ID: 0-496817330
Opcode ID: 49aef7215a021496d9ae4137f0a6e028f7eca93e1fa7a9d0ecafa0fad988dd25
Instruction ID: 1119d55e3e81318fd3895439bf056206f4d84ec87304be3059bb6ad9ca3e64aa
Opcode Fuzzy Hash: 49aef7215a021496d9ae4137f0a6e028f7eca93e1fa7a9d0ecafa0fad988dd25
Instruction Fuzzy Hash: EBB1DCB99093008BC3248F28C85266BB7F1FFD5364F198A1DE8D99B391E774D905CB92

Function 00AF956A Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

%)k, xrefs: 00AF9837
%U%, xrefs: 00AF980E

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: %U%$%)k
API String ID: 0-3351200063
Opcode ID: 5e2889ef531417819ac7f69d875653b31ed45eb11b070bced0360c822446b3c0
Instruction ID: 53d84d3d76618de4137659f34b3322ef739c26d909e92f46da030ab420a37626
Opcode Fuzzy Hash: 5e2889ef531417819ac7f69d875653b31ed45eb11b070bced0360c822446b3c0
Instruction Fuzzy Hash: 0FB18AF3F1162547F3584928CC683A27282EB95325F2F82788F4A6B7C5D97E9D0A5384

Function 00A580FF Relevance: 2.8, Strings: 2, Instructions: 285COMMON

Download Yara Rule

Strings

U\, xrefs: 00A582D7
L, xrefs: 00A582DF

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: L$U\
API String ID: 0-2735742508
Opcode ID: 9e34fcec98cb909711e842f80c26193a2dc2724737f9c521327c96c7ea15c36c
Instruction ID: f9d78d341c10dd4905cb7f2d43aee5bf0ac127ef36b9433175961fee3be1566e
Opcode Fuzzy Hash: 9e34fcec98cb909711e842f80c26193a2dc2724737f9c521327c96c7ea15c36c
Instruction Fuzzy Hash: 5F918E722183518FD719CF29D85139FBBE1EBC5700F168C2CD8E69B281DB78954ACB92

Function 00AFB275 Relevance: 1.8, Strings: 1, Instructions: 559COMMON

Download Yara Rule

Strings

ZN\, xrefs: 00AFBA03

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: ZN\
API String ID: 0-853776103
Opcode ID: d12f1796eabcf53713d83105a94fc1f15058f6556d3ec563014f15f9159e3a2f
Instruction ID: f02a52daff760664dc313c619901667e99e54c3783007da0e80469a716cac263
Opcode Fuzzy Hash: d12f1796eabcf53713d83105a94fc1f15058f6556d3ec563014f15f9159e3a2f
Instruction Fuzzy Hash: 5812D1F3E102244BF3444E78DC99366BA92EB94320F2B863C9E989B7C5DD7D9C094784

Function 00B067F9 Relevance: 1.8, Strings: 1, Instructions: 544COMMON

Download Yara Rule

Strings

\$x|, xrefs: 00B06EF2

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: \$x|
API String ID: 0-562974675
Opcode ID: ef527d4578d5d1eb5efcf1a42012eaf38990bf92c7798ed63e290e8bd1b437d6
Instruction ID: a94b3264b789f32dd9a4709028139f92c1212e023d715a49ffce7e97dc14ceeb
Opcode Fuzzy Hash: ef527d4578d5d1eb5efcf1a42012eaf38990bf92c7798ed63e290e8bd1b437d6
Instruction Fuzzy Hash: E902DEF3F156144BF3084928DC983A67692EBD5324F2B863C9B88977C5D97E9C068385

Function 00AC25F2 Relevance: 1.8, Strings: 1, Instructions: 507COMMON

Download Yara Rule

Strings

Vh~, xrefs: 00AC2BBE

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: Vh~
API String ID: 0-1688146504
Opcode ID: a45fc9bf28488c909c5d8dd06a93436728a511e9791363a31b4851364ba5fb33
Instruction ID: 5edad91b21ec497b4823c3ef13dc2c673011e6bd4c100d174b21a7c8e0449aa2
Opcode Fuzzy Hash: a45fc9bf28488c909c5d8dd06a93436728a511e9791363a31b4851364ba5fb33
Instruction Fuzzy Hash: 2602D2B3F156104BF3444E29DC88366B6D2EB94320F1B863CDAD8AB7C4D97E9D098785

Function 00A5A190 Relevance: 1.7, Strings: 1, Instructions: 472COMMON

Download Yara Rule

Strings

", xrefs: 00A5A498

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 59436c6e06a0de64babbe52854b2dd8013964ca26946e14010f38e71565636b5
Instruction ID: 3047548bee5ec940ab8eb85ab028d342c2d417b51fa0933f602d807bd5a67c43
Opcode Fuzzy Hash: 59436c6e06a0de64babbe52854b2dd8013964ca26946e14010f38e71565636b5
Instruction Fuzzy Hash: 42E1E472B083149FC7248F24C85066BB7E5BFA5355F0D8A2DEC9A8B381E634DD088792

Function 00A9F26D Relevance: 1.7, Strings: 1, Instructions: 466COMMON

Download Yara Rule

Strings

1V}, xrefs: 00A9F6CD

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 1V}
API String ID: 0-4134959863
Opcode ID: 6090efa5de82d97727a02237ecb2f051516fb1d62479e78101acd2d5532486b3
Instruction ID: 9e97ad49d286c99741e1787af43d66ac52a89f7f6037968aee871856801674d2
Opcode Fuzzy Hash: 6090efa5de82d97727a02237ecb2f051516fb1d62479e78101acd2d5532486b3
Instruction Fuzzy Hash: 49F1B4F3F112144BF3445E39CD85366B693EBD4710F2B82389A889B7C9E97D9C0A8785

Function 00AF55DB Relevance: 1.7, Strings: 1, Instructions: 452COMMON

Download Yara Rule

Strings

Siw_, xrefs: 00AF5A58

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: Siw_
API String ID: 0-609234091
Opcode ID: 4b13b9a09566d3567ed4907110dfaced6648e2de3c48c2800e145265cef23ea4
Instruction ID: 44a89c7cac9f17660bb8dc75b9fc68952719ae9ea34bac00435af1d60ac56c3f
Opcode Fuzzy Hash: 4b13b9a09566d3567ed4907110dfaced6648e2de3c48c2800e145265cef23ea4
Instruction Fuzzy Hash: F0E1DEF3F152144BF3045E29DC843A6BB92EBD4320F2B853DDA899B7C5D97E6C068285

Function 00AED4FB Relevance: 1.7, Strings: 1, Instructions: 405COMMON

Download Yara Rule

Strings

's, xrefs: 00AED97A

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 's
API String ID: 0-3827514466
Opcode ID: 1ec2f6ba6f0bd2dd3698a0bcf21e5748b5e739398af102a8bd867f2fc02c585c
Instruction ID: 94cc0b6182560be24816ba2228bc8bb8038e043757b47e3befc4ddb6580f025b
Opcode Fuzzy Hash: 1ec2f6ba6f0bd2dd3698a0bcf21e5748b5e739398af102a8bd867f2fc02c585c
Instruction Fuzzy Hash: 31D1D1F3B146104BF3085E29DC9537AB7D2EBD5310F2A813DD789977C8EA79980A8385

Function 00A5D398 Relevance: 1.6, Strings: 1, Instructions: 328COMMON

Download Yara Rule

Strings

6T^{, xrefs: 00A5D59C

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 6T^{
API String ID: 0-2086544995
Opcode ID: d6bd139306e98d4bfd362d042d555ed60237822ea973e6ad31cd6c4c475cb65b
Instruction ID: d47267cf8b35fca17d1c834f80756e759d646f4647813862f6f22e5f2ee6affe
Opcode Fuzzy Hash: d6bd139306e98d4bfd362d042d555ed60237822ea973e6ad31cd6c4c475cb65b
Instruction Fuzzy Hash: D1A102716447418FE3318B358891BA3BBE1BF56315F188A6DD8EA4B382D734B449CB91

Function 00AF75F8 Relevance: 1.6, Strings: 1, Instructions: 324COMMON

Download Yara Rule

Strings

3]d", xrefs: 00AF78FA

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 3]d"
API String ID: 0-1934613239
Opcode ID: b202b79f00bca476ef6f31e6869cc65306e56977c5de156287ed25e48179f31b
Instruction ID: 69a82d34409ff8b8664b4a8462453c16006b24439121eece9054260b71479b3b
Opcode Fuzzy Hash: b202b79f00bca476ef6f31e6869cc65306e56977c5de156287ed25e48179f31b
Instruction Fuzzy Hash: E2B18CB3F116250BF3540968CD993A26683ABD5324F2F82788F5C6B7C9D97E9C4A43C4

Function 00ADA6D4 Relevance: 1.6, Strings: 1, Instructions: 317COMMON

Download Yara Rule

Strings

atu', xrefs: 00ADA6D4

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: atu'
API String ID: 0-107263790
Opcode ID: 18cdf1777434f0a1724189a2af481028a3336f9f57a346fbd44bd49d88b49976
Instruction ID: 01ecd35a1e3b8de572a504f5e9f9cdb711de74f1175503e8ad3f21dcdfb38f73
Opcode Fuzzy Hash: 18cdf1777434f0a1724189a2af481028a3336f9f57a346fbd44bd49d88b49976
Instruction Fuzzy Hash: A0B16CB3F5152547F3484D28CC643A27683EBD5324F2F82388A99AB7C9E93E9D065384

Function 00AF4388 Relevance: 1.6, Strings: 1, Instructions: 310COMMON

Download Yara Rule

Strings

FjQ, xrefs: 00AF45E9

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: FjQ
API String ID: 0-2567836416
Opcode ID: 892d78405eea8ce6a24d6e9f0d78db4fa8390debef875ebb4a3210bb89ff419e
Instruction ID: 7994f45acf8c39a217cfcba4fb7ca8054bef449e5d90f16fa99d1527d688f4b9
Opcode Fuzzy Hash: 892d78405eea8ce6a24d6e9f0d78db4fa8390debef875ebb4a3210bb89ff419e
Instruction Fuzzy Hash: BCB19CB3F2162447F3444938CC983A27682E795325F2F82788F99AB7C5DD7E5D0A5388

Function 00ACB788 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

}jY, xrefs: 00ACBA10

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: }jY
API String ID: 0-4208168968
Opcode ID: b28ac91ff94b9688e39be12f79855d097169ff28dcab6afb0161a3ef3e1d506f
Instruction ID: 49bda254605512d0ea678bca1e27d89c9acfc6d6381626603eb7781810f7306b
Opcode Fuzzy Hash: b28ac91ff94b9688e39be12f79855d097169ff28dcab6afb0161a3ef3e1d506f
Instruction Fuzzy Hash: EBA168B3F216154BF3444929DC583A22683EBE5325F3F82388A499B7C9ED7E990A5344

Function 00ADC6BA Relevance: 1.5, Strings: 1, Instructions: 289COMMON

Download Yara Rule

Strings

:, xrefs: 00ADC86F

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: febe739e240e6d2041e83ae7890cc947875e2611cdfa0d707ef318fdfc80d50c
Instruction ID: 3da55cf96a8959321c339f3b38d1c1323e67dccdef8da503d65a981184c94f34
Opcode Fuzzy Hash: febe739e240e6d2041e83ae7890cc947875e2611cdfa0d707ef318fdfc80d50c
Instruction Fuzzy Hash: 04A1ADB3F106254BF3544D78CC983A2B693EB95321F2F42388E986B7C5D97E5D099384

Function 00A5B472 Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

_[WX, xrefs: 00A5D189

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: _[WX
API String ID: 0-1116279788
Opcode ID: 5c5adcf189db97299e48fe16541877773cfdfedefe9fbf44be0f9731c6ff3117
Instruction ID: b740db86edcd02a0be491150eab77519b765a0a600b90f191159de776c8a1597
Opcode Fuzzy Hash: 5c5adcf189db97299e48fe16541877773cfdfedefe9fbf44be0f9731c6ff3117
Instruction Fuzzy Hash: 9381A770208B808FE7358B3584647B3BBE1AF53315F18895DD4EB8B2D2D779A409CB66

Function 00A707F0 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

KJML, xrefs: 00A70825

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: KJML
API String ID: 2994545307-719402181
Opcode ID: a3b112eec8432fb7f72b474092364ccaacb0521b2f0d4047b4b6ce48e59e43e4
Instruction ID: 276613f5cd511c3dd2a3e4c70b932fd6aabadbcc88971c0bcc7c21546ac63952
Opcode Fuzzy Hash: a3b112eec8432fb7f72b474092364ccaacb0521b2f0d4047b4b6ce48e59e43e4
Instruction Fuzzy Hash: 41816835608301DFD714DF19C99092AB7B2AF99350F15D92CE9888B362E731EC51CB82

Function 00ADC2B9 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

Q, xrefs: 00ADC364

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-3463352047
Opcode ID: ecdca8792286169594e6c1e45159350c8a6dd4f1cf0bdbfe6105a2f3e4b5133d
Instruction ID: d623b11b731c9c640f17fdafcda2c2d45bd8715aefde0f7ebdc28f749cdf515e
Opcode Fuzzy Hash: ecdca8792286169594e6c1e45159350c8a6dd4f1cf0bdbfe6105a2f3e4b5133d
Instruction Fuzzy Hash: 28918FB3F116244BF3544968CC983A27292E796321F2F8278CE8C6B7D5DD7E9C4A5384

Function 00AA0269 Relevance: 1.5, Strings: 1, Instructions: 229COMMON

Download Yara Rule

Strings

;, xrefs: 00AA035F

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: dfdfef2fa9527a1d731fa56b8be768ba799ab384c27167a08d44dfff5f64077b
Instruction ID: c5c24974a3d9b99ced74b648bea1a40c6d37c524acb88c27be7591503a908123
Opcode Fuzzy Hash: dfdfef2fa9527a1d731fa56b8be768ba799ab384c27167a08d44dfff5f64077b
Instruction Fuzzy Hash: B67168B3F116244BF3844869DC983626543EBE5315F2F82388B99AB7C9DD7E9C0A4384

Function 00A984CF Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

1, xrefs: 00A985DB

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 91a5566e163a0c00205d24d9e0299e4fcc024dbf70ba085f28d9fc2d2e5eac24
Instruction ID: 6947a16c04c93bcee93c8b222479bd074fd83a8c370869a5f6a2dd523a977922
Opcode Fuzzy Hash: 91a5566e163a0c00205d24d9e0299e4fcc024dbf70ba085f28d9fc2d2e5eac24
Instruction Fuzzy Hash: 2971CFB7F115254BF3444938CC593A27683EBA5324F2F42388E5DAB7C5E93E9D0A5384

Function 00A58498 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

Pw#u, xrefs: 00A5861D

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: Pw#u
API String ID: 0-623991993
Opcode ID: d170e43e163422c5f72589a718799dc911c3f2ae16aa02fcb570b4742ddc4f38
Instruction ID: c2287cd32c10b719f4c1839b73ff4f55d5d428cc1068d724d85f8c7cd2dc24be
Opcode Fuzzy Hash: d170e43e163422c5f72589a718799dc911c3f2ae16aa02fcb570b4742ddc4f38
Instruction Fuzzy Hash: 9751BCB0548340CFC724CF54D8527ABB7F0FF86305F04892DE9999B2A1E7788909CB86

Function 00A58530 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

Pw#u, xrefs: 00A5861D

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: Pw#u
API String ID: 0-623991993
Opcode ID: d0ae661ecdab97ea190576cef6a8375e501a1ad68e645d13e520055adface917
Instruction ID: 21cfcaaec52c59dd6f4207407ba1b89d69c4e200401749e54fbdb132f76b110b
Opcode Fuzzy Hash: d0ae661ecdab97ea190576cef6a8375e501a1ad68e645d13e520055adface917
Instruction Fuzzy Hash: 7151DCB0548340CFC7209F54D8527ABB7F0FF86315F04892DF9999B2A1E7B88905CB86

Function 00AF927A Relevance: 1.4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

(, xrefs: 00AF9388

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 839b4ab1ae009261a4e071d3ceb3e0abbbeb6ff50baca30ae5b76e134464dd18
Instruction ID: 6288ab354ef1eb30bde38c578af136720e4bbc94f4f08ffb8b24d71852ac36fd
Opcode Fuzzy Hash: 839b4ab1ae009261a4e071d3ceb3e0abbbeb6ff50baca30ae5b76e134464dd18
Instruction Fuzzy Hash: 805168B3F1052507F3484D39CD683627682EB95311F2F82788A8DAB7C9E93E9D0A5384

Function 00A5719F Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

<?, xrefs: 00A570CD

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: <?
API String ID: 0-2219591229
Opcode ID: ebbc28503e746c7999a98239ba93022328bd050ed79d7260fa158fe8948fc27b
Instruction ID: 7cc7c10e076cce08d54b8acc455c3f29f0c43f9e4fdb6b1e05994f75c6527e9e
Opcode Fuzzy Hash: ebbc28503e746c7999a98239ba93022328bd050ed79d7260fa158fe8948fc27b
Instruction Fuzzy Hash: C0410371E403198FDB24CFA99C057AEBB72BF81300F19C1A8D548BB251EB74598ACF85

Function 00A4B3E1 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

l, xrefs: 00A4B3E9

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: 79cc6188956410e2b81018292a96abd195b9538437e3f144c18d8273a159f548
Instruction ID: 5a59803087db5754c1a46d0fc529e11b23c2c7f2a83953d7127bfb247f2816c7
Opcode Fuzzy Hash: 79cc6188956410e2b81018292a96abd195b9538437e3f144c18d8273a159f548
Instruction Fuzzy Hash: 50116D3412C3819FE740CF25D46476BBBE0AB92318F986A9CE0D1972C2C779C54ACB66

Function 00A6F0D0 Relevance: .7, Instructions: 745COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86aa0cf213b7678ec2f1edf31f531d744d7fa0c7102e9288e7df205107438735
Instruction ID: 15722b44c7c7f7fe0920de05a489bd314fec2cda85c4ba27ceb74232fd54a5bd
Opcode Fuzzy Hash: 86aa0cf213b7678ec2f1edf31f531d744d7fa0c7102e9288e7df205107438735
Instruction Fuzzy Hash: C6321136A18211CFC708CF68E89026AB7F2FBDA314F1A857DD58A87351D734AD56CB81

Function 00A6F2D0 Relevance: .7, Instructions: 693COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4f6018fd42b5b35f33e5498734feeb8c2f40f730b76c1d58f03d79282fcc97
Instruction ID: 3cb78120d069f79f9820b3b2ee292251bfa3f939452f8546a6e955b6f9b325af
Opcode Fuzzy Hash: ff4f6018fd42b5b35f33e5498734feeb8c2f40f730b76c1d58f03d79282fcc97
Instruction Fuzzy Hash: FA2214366082118FC708DF78D89122AB7E2FBDA314F1A897ED49AC7391DB349D45CB81

Function 00A6F1F0 Relevance: .7, Instructions: 686COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f75cade65a1e0f1833f04e8901c1d1e9d984b95ddc5ccc919ab91426b1edc3
Instruction ID: 4f337c3474af22053f2fef4391a23817a579753ff6eb6a2f27a4c5284ee539af
Opcode Fuzzy Hash: c9f75cade65a1e0f1833f04e8901c1d1e9d984b95ddc5ccc919ab91426b1edc3
Instruction Fuzzy Hash: DC220136608211CFC708CF68E89026AB7E2FBDA314F1A897DD58AC7351D774AD46CB81

Function 00A330A0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe474294b4b1357dfc950f2b2a1c1bfc360e85f159c8856ad9601d248ba2b27d
Instruction ID: e9e98838e92fc861721ea1e371c9d06edbf4940e8582aa3d1e29929aa1ab11b6
Opcode Fuzzy Hash: fe474294b4b1357dfc950f2b2a1c1bfc360e85f159c8856ad9601d248ba2b27d
Instruction Fuzzy Hash: 3A52D17250C3459FCB15CF19C0906AABBE1BF88314F198A6DF8DA5B341D778DA49CB81

Function 00ABB623 Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aed838a83161e352e2cb7b5d78d54be4bd1821fb3b46febe5d9aa27b08b4556
Instruction ID: babcc23d37f526ea8e221b29b0eea9d9501c5b7f3dd51762cad8eaca68c65106
Opcode Fuzzy Hash: 3aed838a83161e352e2cb7b5d78d54be4bd1821fb3b46febe5d9aa27b08b4556
Instruction Fuzzy Hash: 58F1AEF3E156104BF3048E28DC99366B693EBD4314F2F853C9A88AB7C4E97E5C064785

Function 00AEF463 Relevance: .5, Instructions: 468COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a21f23097083b8b2f59effe265f2c58ce67cd34d6b3a175941d5965d0b961810
Instruction ID: 4e01cac9827f0e8045c88aaf26c9b9c00c3e1d78091478fc6bd2d4de1e0accab
Opcode Fuzzy Hash: a21f23097083b8b2f59effe265f2c58ce67cd34d6b3a175941d5965d0b961810
Instruction Fuzzy Hash: 5EF19EB3F116254BF3444929DC98366B692EBD1324F2F827C8E88AB7C5DD3E5D0A4385

Function 00A36410 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 264195050ac027eef94cbf6de87a68d4ca7b7f0e0b1a2bce4a0aa0ca815fc237
Instruction ID: 7135d025e18fa67a36703ac44192f3991fb503778e4c6b3f88ad4d03fb0a7feb
Opcode Fuzzy Hash: 264195050ac027eef94cbf6de87a68d4ca7b7f0e0b1a2bce4a0aa0ca815fc237
Instruction Fuzzy Hash: 68F19B756087419FD724CF29C88176BBBE2AFD8304F08882DF5D987751E639E948CB92

Function 00A945A5 Relevance: .4, Instructions: 444COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9abd3a5d17a5e19d369096f0a09d14a2b803b4ae9a7b063186ac846641502479
Instruction ID: e66b10b60ead756551676b302748f6de612a9f8d53925826a984ec2779f0a0e5
Opcode Fuzzy Hash: 9abd3a5d17a5e19d369096f0a09d14a2b803b4ae9a7b063186ac846641502479
Instruction Fuzzy Hash: 5DE1E0B3F142204BF3145E28DC54366B692EBD4321F2B863CDE88A77C4E97E9C098795

Function 00A56369 Relevance: .4, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 730f52ef4af5ec44ff7f3f462c0a3b881d6cfaa9e204487af58fe710a2594f7c
Instruction ID: 31068c990133e9b50434609bf1f9f9df78a8e8353f1685d08b4180975adb3e18
Opcode Fuzzy Hash: 730f52ef4af5ec44ff7f3f462c0a3b881d6cfaa9e204487af58fe710a2594f7c
Instruction Fuzzy Hash: 53D105B690C3518FD714CF24995126BB7F2BFD6305F09886CE9864B242DB35D94ACB82

Function 00A6F690 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9db54f71a765acbff05f6a68ec98e6d60d0e8e375f89cd64a43d174f9c91529
Instruction ID: 6d44f08a5d323680c0890ff7f877e2fa251b1fff643986fa263f60986615c85d
Opcode Fuzzy Hash: d9db54f71a765acbff05f6a68ec98e6d60d0e8e375f89cd64a43d174f9c91529
Instruction Fuzzy Hash: EFC13336A08311DFC708CF68D89026AB7E2FBDA310F1A856DD89997391D734AD46CBC1

Function 00B005F7 Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dbe5da23d575cb5125bed92699b13dca1e4dfa2aa37b426b5043392e3401926
Instruction ID: 46dea6b14308d4c1ec99349282f2aba8e7d226f5115bd12c2739fdc325546b26
Opcode Fuzzy Hash: 0dbe5da23d575cb5125bed92699b13dca1e4dfa2aa37b426b5043392e3401926
Instruction Fuzzy Hash: E9D16AF3F1162507F3584929CC683A26583EBD5315F2F82788F49AB7C9E97E9C0A5384

Function 00A9D6DE Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9777a699d6038fee75fbe918523cc7ee46f149144a984841afd167b620ba88f5
Instruction ID: e7adbb5a4b1470909c1e16eb8365374c4a132705b9e960e8eb88ac0fe908499b
Opcode Fuzzy Hash: 9777a699d6038fee75fbe918523cc7ee46f149144a984841afd167b620ba88f5
Instruction Fuzzy Hash: 80C19BF3E146148BF3445E29DC95366BBD2EBD4320F2B863CDAD8973C4DA3A98058785

Function 00B1666E Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a44fb59b0fa562361d92e7b1e8b3fbb96925d22c873b907068163e3084753ab
Instruction ID: f173403f1a82a87947ba5b3bb6c6452c3a0f82b90b3d475aec224fc1e9a3ee00
Opcode Fuzzy Hash: 1a44fb59b0fa562361d92e7b1e8b3fbb96925d22c873b907068163e3084753ab
Instruction Fuzzy Hash: A3C1F4B3E142148BF3145E29DC05376B792EBA4321F1B893DDEC8977C4DA3A9D098785

Function 00AE937E Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a5337c1fa0c1fb10be7827525dd834ec17cc95e2885738ede8b6152df28c32e
Instruction ID: 828eeeb982d9f3092500dff401bb424046140121396b78bb0a67e60632b76da4
Opcode Fuzzy Hash: 8a5337c1fa0c1fb10be7827525dd834ec17cc95e2885738ede8b6152df28c32e
Instruction Fuzzy Hash: 31C17CF3F2152107F3544839CD583A2658397D5325F3F82788A98ABBCADD7E9C4A4384

Function 00AFF2D5 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96cde62cc2458d396169d5b77b2f24ca93a5a9443829577a198e3ba5cbe0b5c8
Instruction ID: a7980abf3ecdea918f4282180540e23fd272cfeedd2cc48062051ee8dc917d24
Opcode Fuzzy Hash: 96cde62cc2458d396169d5b77b2f24ca93a5a9443829577a198e3ba5cbe0b5c8
Instruction Fuzzy Hash: 9CC18DB3F116204BF3504978CD983926693ABD5325F2F82788E98AB7C5ED7E5C0A4384

Function 00AE426A Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cc36dd8e4529fe9fa7555834c704ae6c0488e9756396914b57a54ca149a2f64
Instruction ID: 5851df5938bd28204e7dff9c1592b2e77d1ce0a05c1453cacf34d0a285f40de2
Opcode Fuzzy Hash: 8cc36dd8e4529fe9fa7555834c704ae6c0488e9756396914b57a54ca149a2f64
Instruction Fuzzy Hash: D7B18BB3F105204BF3544979CD583A2B682ABD5325F2F82788E9CAB7C5D97E9C0A52C4

Function 00AC9163 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3509ff4b227ae46530a9019b41a0c8d10c0059bc77bab13cc2b59184b121dc56
Instruction ID: 878237a2dde1b45eba8961c56d378628760a83e796d46f4ac1106cfbd3c96b7c
Opcode Fuzzy Hash: 3509ff4b227ae46530a9019b41a0c8d10c0059bc77bab13cc2b59184b121dc56
Instruction Fuzzy Hash: 8FC1BBB3F5163047F3444978DC983A26582AB95321F2F82788E98AB7C4E9BE5C0953C4

Function 00AB115B Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7deedc0e91618553aa63562552b11195d3202176dd02c85300c8031ed11140bd
Instruction ID: b96caaffdefbf83fd12dd1b813787e0855af8d1122d421d6cd4cbe9ff068bdf8
Opcode Fuzzy Hash: 7deedc0e91618553aa63562552b11195d3202176dd02c85300c8031ed11140bd
Instruction Fuzzy Hash: C5B19AF7F115204BF3544929CC583626683EBD5321F2F82788A99AB7C9DD7E9D0A4384

Function 00AAD2EC Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b60fd5fa610cfe1929de7b19b87896f504699c20713286eeb9bd645651ba167
Instruction ID: db72f594d43fdbf5fa9859837ad4cb4b030371422fc7e37484d7d217ee523f92
Opcode Fuzzy Hash: 1b60fd5fa610cfe1929de7b19b87896f504699c20713286eeb9bd645651ba167
Instruction Fuzzy Hash: 54B16BB3F1022547F3544939CD983A27683ABD5324F2F82788E8C6BBC5D97E5D4A5384

Function 00AF21E2 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33de1657241015cd512c501b06599a218067398af2af44865b93bc5112883b0c
Instruction ID: 8e4be6f2c220ae054b9222be5a3503291344467b8e7471b818fada053336f197
Opcode Fuzzy Hash: 33de1657241015cd512c501b06599a218067398af2af44865b93bc5112883b0c
Instruction Fuzzy Hash: BCB1AEF3F112254BF3544978CC983A23682E795324F2F42388F59ABBC5D97E9D0A5388

Function 00AB53EC Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2083e0c6e612ba70b3f044407b14706d2ffbc577badeec634ca8472e0fd3f4c6
Instruction ID: a75f8a82eb89059b570f0565917edf8fe0ae02ef9667809c4c31e20991e4a701
Opcode Fuzzy Hash: 2083e0c6e612ba70b3f044407b14706d2ffbc577badeec634ca8472e0fd3f4c6
Instruction Fuzzy Hash: 8AB1ACB3F115258BF3544928CD583A27693EBD5324F2F82788E4C6BBC9D97E9C0A5384

Function 00AA0617 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6aeeeb3347a56b3abe019cc093923ac58605401319d8ae18213e4a0f3e2d46e
Instruction ID: 0476fbda8a23067061cf463bc81222641a1a630d1a5cd23481e5f9e1ba3055dd
Opcode Fuzzy Hash: b6aeeeb3347a56b3abe019cc093923ac58605401319d8ae18213e4a0f3e2d46e
Instruction Fuzzy Hash: 4AB15BF3F1122547F3544878CD983A26693A7A1325F2F83788E5C6BBC9E97E5D0A42C4

Function 00B0A0E3 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e7db998c4a7fecf20bcda16c6e0bf77f5de388f780589f7002d3f80719b75b2
Instruction ID: 645a2a7a1ce5708529929b707d05211c8883d6ff1064329f09a65f5d5300e2ff
Opcode Fuzzy Hash: 7e7db998c4a7fecf20bcda16c6e0bf77f5de388f780589f7002d3f80719b75b2
Instruction Fuzzy Hash: 6BB16CB3F116164BF3544939DC883627683ABD5324F3F81788A8CAB7C5D97E9D0A5384

Function 00AF3651 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83236453322eaa6feca638b1bdedaeb619a000e95e63b3352fdc6fefada78166
Instruction ID: 3e623469827b545b8863edf47eef8e55690504b5f2d1a16cf25dd551dd29808c
Opcode Fuzzy Hash: 83236453322eaa6feca638b1bdedaeb619a000e95e63b3352fdc6fefada78166
Instruction Fuzzy Hash: 48B17BB3F2062547F3440978CC983626583EBD5324F2F82388F99AB7C9D97E9D065384

Function 00B1056C Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9859086f05d0f8d76e7c7a5a21e79eca1be138ebec32ebaf7acec39027fc08bf
Instruction ID: a1b1faedfca6fed291357ad9824304762b2d0c6948646d3acf60a8759ac22d1f
Opcode Fuzzy Hash: 9859086f05d0f8d76e7c7a5a21e79eca1be138ebec32ebaf7acec39027fc08bf
Instruction Fuzzy Hash: 75B169F3F6152547F3884838CD693A26583A7E1325F2F82788E5D6BBC9DC7E5C0A5284

Function 00AD62DA Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f82b01bb492147366561205201f417cf26f4ce166d83e0312eb5b1034e13c7c
Instruction ID: 67572d1f773960ebf2a079d2e76c0d78e77e05061b5d7a3cebe1a7775ebf0ac0
Opcode Fuzzy Hash: 2f82b01bb492147366561205201f417cf26f4ce166d83e0312eb5b1034e13c7c
Instruction Fuzzy Hash: 7FB167B7F5122547F3444879DD983626A439BE5320F2F82388F59AB7C9DDBE9C0A4384

Function 00AB0204 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2869b61655d79700d58a6e879fad7d79361a0b2d33b24d61973791a35c361f8
Instruction ID: 40323c391ddf26c5cfadc18cb70b8d21a1cc1fe909bf035b98ed75b162c60b68
Opcode Fuzzy Hash: e2869b61655d79700d58a6e879fad7d79361a0b2d33b24d61973791a35c361f8
Instruction Fuzzy Hash: A1B19EF3F1062547F3444968CC943A27683EBE5325F2F82788E58AB7C5D97E9C065384

Function 00A9B275 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ecc480ed2d5e82d3ed7ad2c4a2b11c3fdfdb5138744c7db98b902ee4d57d9d
Instruction ID: 9770403f5fb503ab4e9c0e707cc2508e91268905ac4df77bf347411a0b11bb8c
Opcode Fuzzy Hash: 86ecc480ed2d5e82d3ed7ad2c4a2b11c3fdfdb5138744c7db98b902ee4d57d9d
Instruction Fuzzy Hash: 81B19CF3F1162547F3544938CC583A26643DBE1324F2F82788F596BBC5D93E5D0A5284

Function 00B146BA Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3e1b4474314583219a14ce11805ec7ce92d9432e2ee6c9abfbcee88ef59090
Instruction ID: 70c12d903481b29ad3fab86a59a3c38741fe274e38f7ed5389f3ad681ff7b2a9
Opcode Fuzzy Hash: 8a3e1b4474314583219a14ce11805ec7ce92d9432e2ee6c9abfbcee88ef59090
Instruction Fuzzy Hash: BBB17EB3F5162547F3544878CC693A66183EBD1324F2F82388FA9AB7C9DD3E5C095284

Function 00A95101 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f512e020620991ff24a5acab8fd41af44f672aa667dd89f86274aa87cb2a06f
Instruction ID: 0576c232e5a7c8eb38647e6f37f13c490a319284c72d88a4b1b6b0d619af8af8
Opcode Fuzzy Hash: 6f512e020620991ff24a5acab8fd41af44f672aa667dd89f86274aa87cb2a06f
Instruction Fuzzy Hash: 54B157F3F1162507F3544978CC983A265839BA5315F2F82788F4CAB7C9E97E5D0A5284

Function 00ABE6D7 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31b6bdc8a1dc0894ebae0304fcc6d74a89f3be1d10185ecf12487bb4385e0e2b
Instruction ID: cfa989368c4635c617a151a57ae7e043990e5caefe31e8d3790be5d12b6eedc5
Opcode Fuzzy Hash: 31b6bdc8a1dc0894ebae0304fcc6d74a89f3be1d10185ecf12487bb4385e0e2b
Instruction Fuzzy Hash: 2FB18AB3F2152547F3504968CD583A2A683ABD1321F2F82788E9C6B7C5DD7E9D0A53C4

Function 00ADE013 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a19788b27ab8ef07e92c564f22194bfe0348702ac5cf726494b69e411e8e4f
Instruction ID: e844a23eb86d235b22ef02e5b4997932275df93926854f8a814cfe102c61ff77
Opcode Fuzzy Hash: 26a19788b27ab8ef07e92c564f22194bfe0348702ac5cf726494b69e411e8e4f
Instruction Fuzzy Hash: 9EB17AF3F1162547F3444968CC983A27683EB94324F2F81388E89AB7C5D97E9D0A5384

Function 00A4D280 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1270667d9d61360b738ad4b0f0d834eea3a43be3c4a69a7121e9158f26279e5
Instruction ID: 6f6dc94174779b0f42dbc72e19b869c3f57a7c3ea52ae41189f04e02f37fd890
Opcode Fuzzy Hash: b1270667d9d61360b738ad4b0f0d834eea3a43be3c4a69a7121e9158f26279e5
Instruction Fuzzy Hash: D5B1E079904301AFD720CF24DC41B1ABBE1BFD4724F248A2DF898A72A1EB71D954CB52

Function 00ABF061 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae6e5d7527ab09dd54fee7113b2e6c16d2bc2502b62ae51d80b22ee53f35905b
Instruction ID: 20f40d0d28b5eb05c5f436b425a72177c941e10bb705fa7693e61c8716a7e95d
Opcode Fuzzy Hash: ae6e5d7527ab09dd54fee7113b2e6c16d2bc2502b62ae51d80b22ee53f35905b
Instruction Fuzzy Hash: E1B19EB3F1162547F3544939CC983A2B683ABE1325F2F82788E9C67BC9DD3E5C065284

Function 00AEC781 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6f841dc2aaa58efb33b385c19e0d51bc15f93d31c3ea5c6447a7bbd4fbca497
Instruction ID: 407419b91a39c8cb60cf24c0a4eaff86c8051bbf56d543bad65662d494b69125
Opcode Fuzzy Hash: c6f841dc2aaa58efb33b385c19e0d51bc15f93d31c3ea5c6447a7bbd4fbca497
Instruction Fuzzy Hash: 69B176B3F2162147F3544939CC583A26683ABD5324F3F82788A6C6BBC9DD7E5D0A5384

Function 00AE72BA Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7519874260743be6b02e45cda509adb09e0d96ad809ddb1df3bf8cfb211522bd
Instruction ID: 3746b11240f7b121a47324b39f0f24688ea234a04272cc1dd785ae22763ad4e0
Opcode Fuzzy Hash: 7519874260743be6b02e45cda509adb09e0d96ad809ddb1df3bf8cfb211522bd
Instruction Fuzzy Hash: 27B19AB3F106254BF3544979CD983927693ABD5310F2F82788E8CAB7C9D97E9C0A5384

Function 00AC55BF Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 187623741d07e8b96c892f62ef7f748b08a7b2612deffc8139336d1974eb0dc3
Instruction ID: 260ef26f7a95e50fd4f2a8bdf2c31bc46f5db5a2bc063e7a3616c9b22bbb72a4
Opcode Fuzzy Hash: 187623741d07e8b96c892f62ef7f748b08a7b2612deffc8139336d1974eb0dc3
Instruction Fuzzy Hash: 6EA192B3F1062547F3544D69CC943627693EB99320F2F82788E99AB3C5DD7E6C095384

Function 00B0E550 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e431166d2d14c24b37f25713555f7a75ba3615893cf46963df0704002de471e
Instruction ID: 79be4355391c43e7dd68158d311329a17d749d294b6ef1ee808b63beb62017d1
Opcode Fuzzy Hash: 6e431166d2d14c24b37f25713555f7a75ba3615893cf46963df0704002de471e
Instruction Fuzzy Hash: D2B168B3F1162547F3584D28CCA83A67283EBE5311F2F827C8A8A5B7C5D97E6C095384

Function 00AD2674 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03409ad8ef1d84bb5476f58b396eb81fc25d26887ce06e2eef504a8dd0afb186
Instruction ID: 4f9188749606287fc90fadd882fe80142c6beb6906454722f83d4baf3d769ac8
Opcode Fuzzy Hash: 03409ad8ef1d84bb5476f58b396eb81fc25d26887ce06e2eef504a8dd0afb186
Instruction Fuzzy Hash: ACA18BB7F5162547F3544838CD683A265839BE5324F2F82788E6D6BBCADD7E5C0A02C4

Function 00ABD0AA Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80153c38f7672bb3ee99389713e6f687743966731876dda797b2987b5db6a655
Instruction ID: f08a6b544755aea9f97b3580382807719e61581e356caf12fd2481e0e448659b
Opcode Fuzzy Hash: 80153c38f7672bb3ee99389713e6f687743966731876dda797b2987b5db6a655
Instruction Fuzzy Hash: F2B19BB3F112164BF3444D78CC693A27683EBD5711F2F82388A499B7C9DE7E980A5384

Function 00AB80DA Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27ef22fc06bb3bc1bf5a1a60e8e066a5578f901c22142e3593df2e55a9953238
Instruction ID: 389e1cdf0f3e71ced2348bafe2eb979dc281fcd8f9ea276bf3dd4b1772419175
Opcode Fuzzy Hash: 27ef22fc06bb3bc1bf5a1a60e8e066a5578f901c22142e3593df2e55a9953238
Instruction Fuzzy Hash: 05A1BEB7F106244BF3584878CD993A27582EB91314F2F82388F59AB7C9DD7E9C0A5384

Function 00A99516 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce998d21e8fbc3b2821c6b3bdd28b0073cc924a360163ad198c14c362036cd4f
Instruction ID: 68f3dc4e4c3d0261e2a9b56dc61eda104bed76e90a20332fca228fa5faafbe90
Opcode Fuzzy Hash: ce998d21e8fbc3b2821c6b3bdd28b0073cc924a360163ad198c14c362036cd4f
Instruction Fuzzy Hash: 59B148B3F2162547F3444928CD983A22683E7D5325F2F82788E9CAB7C5D97E9D0A5384

Function 00AA95C7 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fde9e687f8123dc16370cd6ae767ade312ecef0b87178fafacc8a4d34ef3e61
Instruction ID: 19ace22b31dc4ff6435f7270f2e96406310cb10ed844e5fd045fbf2186b6bfd8
Opcode Fuzzy Hash: 2fde9e687f8123dc16370cd6ae767ade312ecef0b87178fafacc8a4d34ef3e61
Instruction Fuzzy Hash: 06A149F3E61A2547F3584838CD583A266829BE0325F2F82788E5D6B7C5ED7E5C0A5384

Function 00AE0198 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3226fd18bac5c68c10310132acb0577182fb9c1d3817e36adde882926cf40f70
Instruction ID: 27e958694a9963ff897a21f557efae671aa5e9d71a126a7b1ba4a1ce77dea03b
Opcode Fuzzy Hash: 3226fd18bac5c68c10310132acb0577182fb9c1d3817e36adde882926cf40f70
Instruction Fuzzy Hash: 73A189B3F112254BF3544978CCA83A23682EB95324F2F827C8F996B7C5D97E5D0A5384

Function 00B01079 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632d96e140da70a265378ddecaf0f0f58532729399ac2ca79a3cd2fe7f1fd40a
Instruction ID: eb3d505b2da7def0867822921df08281c02da712b7110973be27f4d5ad37579c
Opcode Fuzzy Hash: 632d96e140da70a265378ddecaf0f0f58532729399ac2ca79a3cd2fe7f1fd40a
Instruction Fuzzy Hash: FEA19DF3F516250BF3544938CC983A26683ABD5325F2F82788E8C6B7C6D97E9C465384

Function 00AAF7A6 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ba998d690158cb762bc553452c6f91ce9764daa4d038605a83e4ef6b82f704
Instruction ID: 71129535ad41d81a46bd731f06ee20a260110315af2325d4d75718d48fc1a386
Opcode Fuzzy Hash: 74ba998d690158cb762bc553452c6f91ce9764daa4d038605a83e4ef6b82f704
Instruction Fuzzy Hash: 60A1ACF7F116214BF3584868CC983A26682E795321F2F82788F596B7C5DD7E5C0A53C4

Function 00AC50E5 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e67ae6a1a68f6ba25ce4e408882b2dd2b624323ec01c6366a8425ea78bb02cd
Instruction ID: f2a0910deb63cfa4162610d58a9bdfe2da8cb8899cdeaeacd61b6a9c1d801f31
Opcode Fuzzy Hash: 7e67ae6a1a68f6ba25ce4e408882b2dd2b624323ec01c6366a8425ea78bb02cd
Instruction Fuzzy Hash: FAA1BEB3F1162147F3544938CC583A26693DBD5321F2F82388B996BBC9DD7E9D0A5384

Function 00AF50F5 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08204b535c448d98b2071cac0c82035922ec85cea09aca8698eae46746cc50df
Instruction ID: 039af239332bfce1feffd885419e89607ac2e60351072c8d0fd9334496025f06
Opcode Fuzzy Hash: 08204b535c448d98b2071cac0c82035922ec85cea09aca8698eae46746cc50df
Instruction Fuzzy Hash: ABA18BE7F1162447F3544938CD683622593EBD5324F2F82388F996B7CAE87E5D0A5384

Function 00B112C3 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1478da68ba50fdd171210ff0aab0534f68e30d573c52a0008be6420fad409b41
Instruction ID: f9fa550374e5ca4f1fa9bf09daf84e3e032ddec96576fe70e0037c058f546de7
Opcode Fuzzy Hash: 1478da68ba50fdd171210ff0aab0534f68e30d573c52a0008be6420fad409b41
Instruction Fuzzy Hash: A0A1ADB3F1162547F3444939CCA83A26683EBD5321F2F82788E596B7C5DC7E5C0A5384

Function 00B0015B Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5291b9db2ce33dff3e44184b36aafb2606cbda38561806fdced35c083c7603a
Instruction ID: ed2d00b9c798891e99d266be410ab2042b98b45668e0b94e4d42bddcf66a50a1
Opcode Fuzzy Hash: b5291b9db2ce33dff3e44184b36aafb2606cbda38561806fdced35c083c7603a
Instruction Fuzzy Hash: C3A1BCB3F106254BF3584C78DD983A27682AB95320F2F82788F9C6B7C5D97E5D0A5384

Function 00AE20F5 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55791664bf4b4b0ca1927a6b75e5f4b14701eb70fc5e173e93a795e0932f3f00
Instruction ID: 367ce25b483af16329a7b18cc97e9bdf96d0127e754863ce88201b687c667474
Opcode Fuzzy Hash: 55791664bf4b4b0ca1927a6b75e5f4b14701eb70fc5e173e93a795e0932f3f00
Instruction Fuzzy Hash: 11A188F3F2162507F3584978CCA83A22583ABD6325F2F82788E596B7C5DD7E5C0A5384

Function 00AF04A6 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a7b89e7806da52a14e54bc491541389a063fb9c63be81033d83f46cbd18f3b
Instruction ID: 2216558a8f485a48f0ded0a66b70584544990d4d62b81fc39339fd3d93cf152b
Opcode Fuzzy Hash: 81a7b89e7806da52a14e54bc491541389a063fb9c63be81033d83f46cbd18f3b
Instruction Fuzzy Hash: E7A14DF3F1162547F3544869CC983A27283DBE5325F2F82788E986B7C9D97E9C0A5384

Function 00B08532 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fee5d38bdf4a7a492ea341a5cb3e455c4bbd83656b4e422f6cd82876d435e6e
Instruction ID: 2d7f23841939163ea03ff4459f65e1fd164601922d06b8e088b1027a57842e0d
Opcode Fuzzy Hash: 7fee5d38bdf4a7a492ea341a5cb3e455c4bbd83656b4e422f6cd82876d435e6e
Instruction Fuzzy Hash: 02A16DF7F516254BF3444839DD583922583A7E5324F2F82788A9C6B7C9DD7D9C0A4284

Function 00AAF071 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c759bc3cb7956e4616fe0f490819a14548ba5b63586e4c1324a57a5c8e2aff95
Instruction ID: 8ed5ab0690627f9dacdb26c2b8a2fa631ddd3fcaec5ce2306f8f88bdf17fbab7
Opcode Fuzzy Hash: c759bc3cb7956e4616fe0f490819a14548ba5b63586e4c1324a57a5c8e2aff95
Instruction Fuzzy Hash: 22A16AF3F116254BF3444978CC983A26643A7E5324F2F82788F9C6B7C5D97E9D0A5284

Function 00AB65EA Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd5ed6ceb941a8d0e3ec232cd9df493abba26b17d85504f72fafe79c08d938b
Instruction ID: 81851e2aa12229b2191f0fd2b64fed7e5f3f0abb7f8cf67db97be3a180eeed90
Opcode Fuzzy Hash: 2bd5ed6ceb941a8d0e3ec232cd9df493abba26b17d85504f72fafe79c08d938b
Instruction Fuzzy Hash: 74A18DF7F2162547F3440968DC983626693EBA5314F2F82788F4CAB7C6D97E9C0A5384

Function 00AAC334 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 933d69346f9d5c9d37efaa89a1983ba4288ca9efc6087a63320ed4369f5c77c4
Instruction ID: 09b7644eb47c27d069c1f79c01fd278082811a87fb71877f45ab97a99b71885d
Opcode Fuzzy Hash: 933d69346f9d5c9d37efaa89a1983ba4288ca9efc6087a63320ed4369f5c77c4
Instruction Fuzzy Hash: 3DA1ADF3F2162547F3444928CC593A23643DBE5315F2F82788B999BBCADD3D990A5384

Function 00AE30EF Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbefe77849a76500b0352cce0b1803b7dbafae964967096a2d543dbf35ad31e5
Instruction ID: 6a985eeb12e389fe28f4d05c82e9095a47b7eeccbfd54748e52864eb6c1c235f
Opcode Fuzzy Hash: bbefe77849a76500b0352cce0b1803b7dbafae964967096a2d543dbf35ad31e5
Instruction Fuzzy Hash: 8FA1ACB3F1162147F3144929DC58362B283ABD5325F3F82788B896B7C5ED3E5D069384

Function 00B0D690 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe075216a0dae2b3eede88b6454f9d76370a41926f0ac88a6b8f77852d60df1
Instruction ID: fea17833daf4612db3fec848fc6ded7ce96da5518c893da98b7ac28bde5e88ab
Opcode Fuzzy Hash: 3fe075216a0dae2b3eede88b6454f9d76370a41926f0ac88a6b8f77852d60df1
Instruction Fuzzy Hash: 10A179B3F5162547F3444878CCA83A265839BE1324F2F82788F996B7C9DD7E9C0A5384

Function 00AB4140 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9255e92061f4dcfff1d64c370d4ee2bd94f00d3a15532636ff628df27e509af
Instruction ID: e82f8c99a3d6939345bd6b2c50e4a6354cca93534a1c7915ec695fcd0b9139e2
Opcode Fuzzy Hash: c9255e92061f4dcfff1d64c370d4ee2bd94f00d3a15532636ff628df27e509af
Instruction Fuzzy Hash: 43A17CF3F116254BF3404929CC983A23683ABD5321F3F82788A9C5B7C5D97E9D4A9384

Function 00AF115F Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58fa45d5e943b01dd9ea85b46c766dccfa21d6ae486371851394a5257d1be507
Instruction ID: 0ff79dcae5bb9a6fc29d72484182b63e120248ee2e4320e4c4155df20666298d
Opcode Fuzzy Hash: 58fa45d5e943b01dd9ea85b46c766dccfa21d6ae486371851394a5257d1be507
Instruction Fuzzy Hash: B7A1BCB3F116254BF3444928CC943A27283EBD6325F2F82388E586B7C5DD7EAC0A5384

Function 00AF64BD Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d58754cd8851160f3a34e53ed4149a2189de7a712e50e88a979c04d6e61d5b3
Instruction ID: 06cff591022bb65d3e6b9e642663db3f4f604248eb1023ebc0adb9dc71c3f138
Opcode Fuzzy Hash: 2d58754cd8851160f3a34e53ed4149a2189de7a712e50e88a979c04d6e61d5b3
Instruction Fuzzy Hash: 96917AB3F116214BF3044969CC983A265839BD5325F2F82788E8CAB7C5ED7E9C065384

Function 00B10113 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bbbe258cd2362167a439b12c10246821357232489d3025a54e9f11089c8d961
Instruction ID: 5d978f0cd6e0567bc726731b7534df56d9c9f9027fd1175867c8131226f84966
Opcode Fuzzy Hash: 1bbbe258cd2362167a439b12c10246821357232489d3025a54e9f11089c8d961
Instruction Fuzzy Hash: 139138B3F1152447F3584929CC983626583ABE5325F2F82388EADAB7C5DD7E9D0A13C4

Function 00ABF577 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3d52bcc46f4266429296dab7344fc8fa0b4df68c7ea59e3834d06cb70ffb11
Instruction ID: 4c18160a1814dbb66f7f2722cce889ebdbd0b889bd012c1ab51ff39f3a6bc858
Opcode Fuzzy Hash: 7d3d52bcc46f4266429296dab7344fc8fa0b4df68c7ea59e3834d06cb70ffb11
Instruction Fuzzy Hash: F1A189B3F1062547F3480E38CCA83A23692EB95721F2F82788F996B7C5E97E5D055384

Function 00AA4681 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af4097a6a0ab57c4e62868f5c5ad1a62e859d3999f874d8a9bdd8e605c4d45fa
Instruction ID: 8d8d9eab0d91f61ff7a9475affe292824463979db6d8e2dbb3ce9bf96af510b5
Opcode Fuzzy Hash: af4097a6a0ab57c4e62868f5c5ad1a62e859d3999f874d8a9bdd8e605c4d45fa
Instruction Fuzzy Hash: D6A16DB3F111250BF3944978CC583A26682EBD5311F2F82788E4DAB7C9DD7EAD4A5384

Function 00AA164C Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5a732f042e07be8a4afee84ce94b562f757051da2bec0dcb431b5c4e329aa3
Instruction ID: c4b4187df33134c34480bb2b3a1ea8d02b5103ec8ef651b4b02ea10400faaca2
Opcode Fuzzy Hash: 0e5a732f042e07be8a4afee84ce94b562f757051da2bec0dcb431b5c4e329aa3
Instruction Fuzzy Hash: F5918CB3F2162447F3444978CC983A27692E795324F2F827C8E8DAB7C5D97E9D0A5384

Function 00ACE24E Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 002acf5c7a8bff8a4e290cb10ceabb497f386de901228c87de39f05b2a61f37a
Instruction ID: 28628d3f0e767a57d8ab8da49e5765026a65d8f0709b2b28d987244da4e24729
Opcode Fuzzy Hash: 002acf5c7a8bff8a4e290cb10ceabb497f386de901228c87de39f05b2a61f37a
Instruction Fuzzy Hash: 8B918CB3F106244BF3444929CC983A27683EBD5314F2F81788F896B7C9D97E6D0A5388

Function 00AEE625 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f6e487dbfad1d30dcbd4ac71fb570659b2937fb9348861b853555ce755b53d
Instruction ID: 700c31829575046ba9c0fd072e2b22e71539c55c2863a37cf63d05d0f89bd49f
Opcode Fuzzy Hash: 20f6e487dbfad1d30dcbd4ac71fb570659b2937fb9348861b853555ce755b53d
Instruction Fuzzy Hash: 30918DB3F2062447F3544D38CDA93627652EB95310F2F82788F89AB7C5D97E9D0A5388

Function 00AC6317 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18f4ac9073ff02ea79eb93a2b1b1736cb0068e2c15a83c84d3a6b7ba8215d4b7
Instruction ID: 5de86a5e70b1a21e8a5d66ae171358de3ecac31b4eb35c891ed00650673c09f9
Opcode Fuzzy Hash: 18f4ac9073ff02ea79eb93a2b1b1736cb0068e2c15a83c84d3a6b7ba8215d4b7
Instruction Fuzzy Hash: 449156B3F1162147F3584928CD983A22583EBE5315F2F82388F496BBC9DD7E5D0A5288

Function 00AB968F Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccf53d60876fd4679f522957679fcb4f92549140f630dd53703ed4f6594fbfce
Instruction ID: ed69b65c0f5961a9e5e7b86880e45a78bbfcfb308b914b319538ff2c25bfdd54
Opcode Fuzzy Hash: ccf53d60876fd4679f522957679fcb4f92549140f630dd53703ed4f6594fbfce
Instruction Fuzzy Hash: B19188B3F106254BF3944829DC983A2768297A5320F2F82788F8D7B7C6D97E5D4A53C4

Function 00AE52CC Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d6c06a9336c62776c5c75a0c473c0b35464ccfc95a6561711703820665398bf
Instruction ID: 3f1d2cedc6859296a523cbde291cc544248a04a3b20b3bc7df1e123ba3fc22ed
Opcode Fuzzy Hash: 8d6c06a9336c62776c5c75a0c473c0b35464ccfc95a6561711703820665398bf
Instruction Fuzzy Hash: 99918BB3F1162547F3504928CC983A27693EB95325F2F82788E8C6B7C9EA7E5D4643C4

Function 00AF8090 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99b7e3d0b78470a705317227cdda18aeb0d9d8a53ab03896ad8ed21d4e0aa69
Instruction ID: 169b82b19b545a5837efdcbbe37c0b3867e66811fe1e8168bc4aac01bc804cc3
Opcode Fuzzy Hash: e99b7e3d0b78470a705317227cdda18aeb0d9d8a53ab03896ad8ed21d4e0aa69
Instruction Fuzzy Hash: 009188F3F116254BF3544D38CC983626683ABA5321F2F82788E9CAB7C5D97E5D0A5384

Function 00ADB060 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f6d1cd48aa705880bdbad6629d317164c3c926d4d9a098481aaf913ec0672a
Instruction ID: ee54f7129d52e14040f3fd100306c896ffb2f3be27c362e8e128e4fabc2ec1dd
Opcode Fuzzy Hash: 84f6d1cd48aa705880bdbad6629d317164c3c926d4d9a098481aaf913ec0672a
Instruction Fuzzy Hash: 03918CB3F2162507F3584879CD593A26583DBE1314F2F82388F5AABBC9DD7E5D0A1284

Function 00AB61AE Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e1e0edcddec188501e3323b09e3d54229978bf8eb1a98a30504bc8f19b64a81
Instruction ID: 8fda71cad619ecc5ef54f0ee3d8aedf4d0a391077e4c1efeb0b96426c0f0b614
Opcode Fuzzy Hash: 2e1e0edcddec188501e3323b09e3d54229978bf8eb1a98a30504bc8f19b64a81
Instruction Fuzzy Hash: 62917AB3F1162547F3584978CD983627682EBD5321F2F82388F89A77C8DD7E5C0A5284

Function 00B032BF Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100c2d00185d06b0402da2840a50066dcc6bc416ff224b511b3849ac7f880e84
Instruction ID: f3a676ac1e7cfa9b88bdc65e6dfe6bab672ceffc710c8b560fd7c04be65cbb92
Opcode Fuzzy Hash: 100c2d00185d06b0402da2840a50066dcc6bc416ff224b511b3849ac7f880e84
Instruction Fuzzy Hash: A09159F7F1062547F3544969DC983A2A283ABA5324F2F81788F8C6B7C5E93E9D0653C4

Function 00AA121C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 691eb3ba4ce90e9d497344f579e5668e0ab5309b3a13ff52148f14b9e10a9965
Instruction ID: 14821349f358f44e5a795656ca882060e02a7319f700924b31280649560b8fcf
Opcode Fuzzy Hash: 691eb3ba4ce90e9d497344f579e5668e0ab5309b3a13ff52148f14b9e10a9965
Instruction Fuzzy Hash: F5915BB3F5162547F3944D29CD983626693ABA4320F2F82388E8C6B7C5D97E6D0A5384

Function 00AD0354 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daba6e4d6912306c0aba497d47da1fd377251cb3b7e9bf1fe5eb20b9efc7a9d3
Instruction ID: 1b6eaade999e4ae575fb02b69e76756dec2a2ce9ae709ee06a4f445a0e58fcb7
Opcode Fuzzy Hash: daba6e4d6912306c0aba497d47da1fd377251cb3b7e9bf1fe5eb20b9efc7a9d3
Instruction Fuzzy Hash: 869145B3F216254BF3544939CC583A276839BE5320F2F82788E8DAB7C9D97E5C065384

Function 00B0C4B0 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb20bd7e6deefd72091ce3010e8b6d41c6b008f2d18e9e5f210d65caafbdc97
Instruction ID: d6a9f513ca36847ee4431cc1cf6b3585d6afb33eb79497a25445faf8836ad911
Opcode Fuzzy Hash: ebb20bd7e6deefd72091ce3010e8b6d41c6b008f2d18e9e5f210d65caafbdc97
Instruction Fuzzy Hash: 3691AEB3F6162547F3444929CC983A27683DBD5324F2F82788F486B7C9D97E5D0A5388

Function 00B0F7FB Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817ddc4bf1aeede29593605823220483546ab1ee7f115d75a48c2f2260f2ebc1
Instruction ID: 66f8c79349c48a92b88192b9d0a1a5bafbca9d96512b8a0cb2966f0189dfaad3
Opcode Fuzzy Hash: 817ddc4bf1aeede29593605823220483546ab1ee7f115d75a48c2f2260f2ebc1
Instruction Fuzzy Hash: F4919AB7F2162547F3544C78CC483627683EBE5325F2F82788E58AB7C9D93E9C0A5284

Function 00B02601 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431e07453b2dc8955569021ab683140926010df2078aaeac58ebdab3302abe56
Instruction ID: bf830f1396c9942854cf631152eb9140ce9badfae30cf0cd19bf94998d250e1a
Opcode Fuzzy Hash: 431e07453b2dc8955569021ab683140926010df2078aaeac58ebdab3302abe56
Instruction Fuzzy Hash: F1917BF7F2162447F3444929CC983927283EBD5325F2F82788B98AB7C5D97E9C0A5384

Function 00ACB384 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e1a2fe6643ed22a308370519e49e552a50e24efabc90a81b7ee5fe1dc05cddc
Instruction ID: 7d56feaca7ac02afb5c2cde216c04649d39f52f8e5dfd4ac455c0ed62527a1e8
Opcode Fuzzy Hash: 1e1a2fe6643ed22a308370519e49e552a50e24efabc90a81b7ee5fe1dc05cddc
Instruction Fuzzy Hash: EC91A0F3F106254BF3544D29CC593A27692EBD1310F2F82788E89AB7C5D97EAD0A5384

Function 00AAE6FA Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9b41b05846f06da6564730e5feaa72cfba0697caf33c53a739e7819b1e619b
Instruction ID: ca60e3d90591c6ab6087c7f52e316611b3bef73139e3b0563bc8858231d5ee08
Opcode Fuzzy Hash: 1b9b41b05846f06da6564730e5feaa72cfba0697caf33c53a739e7819b1e619b
Instruction Fuzzy Hash: 5391BDB3F116254BF3540928CC583A27293ABD5315F2F82788E8D6B7C9D97E1D4A9388

Function 00AD44B3 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbda7258dcd7861e316a73f33dec42bef3e5e68ff731276b06074613775d2d5c
Instruction ID: 9fea66741796d6afb7942ac2e08a8b59a1af394e42707beb1efacd4a1b68b23a
Opcode Fuzzy Hash: dbda7258dcd7861e316a73f33dec42bef3e5e68ff731276b06074613775d2d5c
Instruction Fuzzy Hash: 4A9169B3E106354BF3944D28CC993A27282EB95311F1F82788E8DAB7C5E93E9D4953C4

Function 00AEA48E Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e038c51d00abe593a86d26ee581466d94d0ebf3035bb61b77fca9ea0b4822534
Instruction ID: b825196380fbd068a01056d2112d4799af8c18f0726ea0c8edd4cf2425c98b6d
Opcode Fuzzy Hash: e038c51d00abe593a86d26ee581466d94d0ebf3035bb61b77fca9ea0b4822534
Instruction Fuzzy Hash: F8917CB3F1162547F3544939CC983A26683EBD5325F3F82388A98AB7C9DD7E9D064384

Function 00AE2589 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b5960a5dd187bd947a3ca86ac9f9d0f3ac708eb979f113f039ca39ec64f0f07
Instruction ID: 3051a60927f18f0ce562c7a9691902dff63bf23e0958f73da71719ac30d7e15c
Opcode Fuzzy Hash: 4b5960a5dd187bd947a3ca86ac9f9d0f3ac708eb979f113f039ca39ec64f0f07
Instruction Fuzzy Hash: 5D91ADF3F1162647F3544D39CC983627693DBA5314F2F82788E486BBCAD93E5D0A5288

Function 00AC96D0 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c17d6c1e36f2c9ccea46a6d361bf7498a547c19c0936f13ae653406ee01cf2eb
Instruction ID: e4a84a5d4f2ce43ba1caafd63ec9ff668e265b86a0cb1b6f78e78153307ccbfa
Opcode Fuzzy Hash: c17d6c1e36f2c9ccea46a6d361bf7498a547c19c0936f13ae653406ee01cf2eb
Instruction Fuzzy Hash: 3E9156F3F2162547F3580829CD983626683DBE5325F3F82388E596B7C5DD7E9D0A4284

Function 00BC9454 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e087579b6250305dfd54d4b084bdd7a55a010c5f485d143799bd620b30f9dc15
Instruction ID: b4fc10430025ecc5306f57fc62529c202c3a9e69789ea3171e9c1acadf9edb66
Opcode Fuzzy Hash: e087579b6250305dfd54d4b084bdd7a55a010c5f485d143799bd620b30f9dc15
Instruction Fuzzy Hash: C57126F3A086145FF3046E3DDD897BABBE5DB94320F1A463EDAC4C7B84E53598018286

Function 00AE8089 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6232f1a203601dacc137aacd9de35158a95f336b58fdffce6f7315a67f380fb
Instruction ID: bec1d10555399cb4de17998aefa1609e6b0c5afcd3936f564f8f2bea208ddd31
Opcode Fuzzy Hash: c6232f1a203601dacc137aacd9de35158a95f336b58fdffce6f7315a67f380fb
Instruction Fuzzy Hash: 39816AB3F116204BF3544838CD683A66583AB95324F2F83788F9D6BBC5D97E5D0A42C4

Function 00AEE259 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ea33ffe0623735179f8915ce6be2c5b34962ab8f661c7fe984cd1f51edf475e
Instruction ID: 4c682b9efd81ea610fdce0205fbfde97d9075423b622d29c50860ad361d555a1
Opcode Fuzzy Hash: 5ea33ffe0623735179f8915ce6be2c5b34962ab8f661c7fe984cd1f51edf475e
Instruction Fuzzy Hash: 0D814BB7F115254BF3504D29CC543A27293EBD9320F2F81788E88AB7C5E97E9D0A5384

Function 00AC3128 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f075ff466fecaf682442c2e6664c6d84b3e9c7a2650cf94ee35fd40150d3f67
Instruction ID: f64bfed7abea2603cfd497eca4d4d09043c579e9851a3a8524b2466738818a84
Opcode Fuzzy Hash: 0f075ff466fecaf682442c2e6664c6d84b3e9c7a2650cf94ee35fd40150d3f67
Instruction Fuzzy Hash: 2C8144B3F2152047F3584928CC583A26583ABD5325F2F82788E9DAB7C9DD7E5D0A43C8

Function 00A70560 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 786a63646fca7170ffd9e70ec4cb4d9214a98e5a3f1acccc6bc85afe21ba79e7
Instruction ID: 11284d182359acddf1f9abcce8356ef4fd6b8949fb7fd2ab86f5123912026738
Opcode Fuzzy Hash: 786a63646fca7170ffd9e70ec4cb4d9214a98e5a3f1acccc6bc85afe21ba79e7
Instruction Fuzzy Hash: 7361E135608301DBD715EF28DC50A2FB7E2EFD5750F19C92CE8898B261EB70A851CB92

Function 00AD114B Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f8e43f3dd52914396080c6048cd1b4aea0fccd2b24b361a31d562f8c0d9d15
Instruction ID: 7d197ae3d2dceb7abdfe683faa948272394b9aca615a50b0573759756d200655
Opcode Fuzzy Hash: 81f8e43f3dd52914396080c6048cd1b4aea0fccd2b24b361a31d562f8c0d9d15
Instruction Fuzzy Hash: 0F8198B3F1062147F3544D29CC983A27683EB91325F2F82788E896B7C9DD7E5C0A5384

Function 00AE355F Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 753ab93db591bca3f982d954272412a9f11c67a77cd7250334b90c623fd246b2
Instruction ID: a776673a231e77faa6ea3cbb551f0da41ff917536f5f278750e6c7fb1198621e
Opcode Fuzzy Hash: 753ab93db591bca3f982d954272412a9f11c67a77cd7250334b90c623fd246b2
Instruction Fuzzy Hash: 71817DF3F21A2447F3444A25CC983A27252EBD5325F2F82788F996B7C5E97E9C095384

Function 00AA52E2 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346c7b566a436688a984c615b0a706e2aecdea395aa6eece6951b62c5d9c7c31
Instruction ID: 3f629bc470c6572fc6079df7c2e14d7112e5ff934bb21e6e2cf50b9197a71e87
Opcode Fuzzy Hash: 346c7b566a436688a984c615b0a706e2aecdea395aa6eece6951b62c5d9c7c31
Instruction Fuzzy Hash: 7C819CF3F115154BF3844929CD593A26583EBE1314F2F82388F89AB7C9D97D9D0A5388

Function 00AB92B9 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17cefcc4b1b3197afc0bb0f245ccb13006e99d288b1141b08277bfa314702b24
Instruction ID: 9f635bf7c860df0e4c09bf5feb03db4c41e22df886db73bbf5682f6b243173c2
Opcode Fuzzy Hash: 17cefcc4b1b3197afc0bb0f245ccb13006e99d288b1141b08277bfa314702b24
Instruction Fuzzy Hash: C8819EF3F1162007F3444979CC993627682EB95325F2F82788F89AB7C5D97E9D0A5388

Function 00AF15B8 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d269a1f498e1623d216efb2eb18ad314e62f7af2eaa16ed22add0d774f34f9
Instruction ID: 4d3f14461ef3f5295b79fa650e46670bcf7e914fa9494de27561dba2332f3d1e
Opcode Fuzzy Hash: 19d269a1f498e1623d216efb2eb18ad314e62f7af2eaa16ed22add0d774f34f9
Instruction Fuzzy Hash: AE8189B3F106154BF3440D69DC983A27683EBD5315F2F82388A899B7C9E97E9C0A5384

Function 00A98125 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01575b5e8533acf3dcacf26e74eda6a390cbc24cf3744d7f89b69e6d29ef1a37
Instruction ID: 77f22c8d3a69f191b404ec8fca283972892db11f0beba2f3b18909a03a0c2b6e
Opcode Fuzzy Hash: 01575b5e8533acf3dcacf26e74eda6a390cbc24cf3744d7f89b69e6d29ef1a37
Instruction Fuzzy Hash: A48169B3F116254BF3544D29CC583527683ABE5321F2F82388E98AB7C5DE7E9D065388

Function 00ABA3C5 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33498ef54eb771ea9fb6ce12172e7a81cb60549baf59c8228b8825088474f144
Instruction ID: 60bf97c496efff20a7ec19311aff093a967594b99320465e2b677733afd4f2e1
Opcode Fuzzy Hash: 33498ef54eb771ea9fb6ce12172e7a81cb60549baf59c8228b8825088474f144
Instruction Fuzzy Hash: A1819FB3F1062547F3544D28CC983A27692EBA5321F2F42788E8C6B7C5DA7E6D0953C8

Function 00AB85AE Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f97ec6fca0cdddd76bd971383fa198e5b0ae212396b36e6ba5faebef3720c10
Instruction ID: a1623691fbb39132d58b917eb758d643574cd4c70b4b0ab0eae9f2fd3d5ff4c2
Opcode Fuzzy Hash: 8f97ec6fca0cdddd76bd971383fa198e5b0ae212396b36e6ba5faebef3720c10
Instruction Fuzzy Hash: 51814EB3F116254BF3544D29CC583A276939BE5325F2F42788E88A77C5DE3E9C0A9384

Function 00B0E1AA Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1401a0abcc671c415ea1fdc0242b0b784d276c10638083040adefdb719d7d597
Instruction ID: 2128e42f9a9a1434c6f88e6fde1a91cec9686a82dc2d89e5df5d7950ac049ab3
Opcode Fuzzy Hash: 1401a0abcc671c415ea1fdc0242b0b784d276c10638083040adefdb719d7d597
Instruction Fuzzy Hash: FB7188B3F1152447F3584964CC683A2A693ABD5325F2F82BC8E9D6B3C1D97E5C0A93C4

Function 00AD20E8 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1eb5dcec6350846f436770048b5bcb9e6797c0df429a42860f67e1e6a6fc98f
Instruction ID: 3c0273c143bda567f9cffc33af072636ac6e10df629b3bc97c5982f9c8dcc860
Opcode Fuzzy Hash: c1eb5dcec6350846f436770048b5bcb9e6797c0df429a42860f67e1e6a6fc98f
Instruction Fuzzy Hash: D6816BB3F1122547F3544929CC583A27683EBD5324F2F82388A9C6B7C9DD7E9D0A5388

Function 00B0223A Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0241979aa20470ee771f12162d6c6d1215fe5c924211f4702bc38bfd8f9541c0
Instruction ID: 8084a4f5a807117793a02019235c4ea5ef51279c9bec0485665df4d400547375
Opcode Fuzzy Hash: 0241979aa20470ee771f12162d6c6d1215fe5c924211f4702bc38bfd8f9541c0
Instruction Fuzzy Hash: 498178F7F116254BF3540929CC583627283EBE5315F2F81788E8DAB7C6E97E9C0A5284

Function 00AFD287 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37af1796f2e2a523e00ad7ecb0ecd70c264065ea738692bc18b734d8c842ef31
Instruction ID: 6318e4ccdefb8da37e3b19d9e0ef7c214f3d60cffeaabe19490311a553221336
Opcode Fuzzy Hash: 37af1796f2e2a523e00ad7ecb0ecd70c264065ea738692bc18b734d8c842ef31
Instruction Fuzzy Hash: DB8169F3F116254BF3544D29CC983627293EB95325F2F82788E986B7C4D93E6D0A5388

Function 00A53540 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 655d6c310cac02f735dcd46c55009f4c6172b1a480e4064e82f4f03fc26f9785
Instruction ID: 3b33363cf7d94ba2ebfb3176e4c3feaf9efb269f4d398275986ab4ed927c9407
Opcode Fuzzy Hash: 655d6c310cac02f735dcd46c55009f4c6172b1a480e4064e82f4f03fc26f9785
Instruction Fuzzy Hash: 727156B2A09300AFD714CF64DC8175FBBE4EBC5705F15892CFA899B380D774990A8B92

Function 00B0C14B Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b7e078bedd7abebd0b866e0d5e972a1a60ace46092c324f5185e495d795a53
Instruction ID: 4d3e87f92d963365f958c1189d78258b96b075cd85bf9a33d22b3d65dbba4a23
Opcode Fuzzy Hash: 19b7e078bedd7abebd0b866e0d5e972a1a60ace46092c324f5185e495d795a53
Instruction Fuzzy Hash: 89718EB3F2161547F3444D28CC943A27293EBD5321F2F82388E48AB7C5D97EAD4A5384

Function 00B16308 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c3bc9c810874f5012283691a42f141550c9ee372c15387e279980f7ea1d9d20
Instruction ID: a790f9e2f8a63931354fc7bd07cacf5b502badd5409a60253b11b767b91143de
Opcode Fuzzy Hash: 7c3bc9c810874f5012283691a42f141550c9ee372c15387e279980f7ea1d9d20
Instruction Fuzzy Hash: EA7173B3F216244BF3504D28CC493A27653EBA6311F2F81788E986B7C5D97EAD095384

Function 00AFC661 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718654d87abd45a5bc7ec2442fc1f465f663df379aef540d15997b6f71f2ee54
Instruction ID: d79cfbd22d71b66f816d8357083c94f7e2c18c50336f89014646af4dac51b510
Opcode Fuzzy Hash: 718654d87abd45a5bc7ec2442fc1f465f663df379aef540d15997b6f71f2ee54
Instruction Fuzzy Hash: 6F718DB3F516254BF3404D69CC943A2B683EBD5325F2F81788E88AB7C5DA7E9C065384

Function 00AD5305 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99d89d734ad7f87b6b7547ce4b9aaba2af7d9726f9e3353a7e20a2719079956
Instruction ID: e7678082e654a6e0054f52f841bc88ae526417eb454cb83f09d9bf47f8a0bc19
Opcode Fuzzy Hash: e99d89d734ad7f87b6b7547ce4b9aaba2af7d9726f9e3353a7e20a2719079956
Instruction Fuzzy Hash: 2A71BFB3F6162147F3544878CC983926683ABD1324F2F82788E9CAB7C5DD7E9D0A5380

Function 00AA8589 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1ddbced0e521c8b9e6f0037a56464e5c84fcb8246c54579b0f9cca594c1262
Instruction ID: b205b12e0e40851edf26ad9070c4e285ffebf11babf8a2f994835c5f0f397c4b
Opcode Fuzzy Hash: da1ddbced0e521c8b9e6f0037a56464e5c84fcb8246c54579b0f9cca594c1262
Instruction Fuzzy Hash: 98719EE3F116210BF3400978CC983627692EB95321F2F81788F9C6B7C5DABEAD095384

Function 00B14361 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9d4706c720f76ca2d47754ad499b363294041e877acc6e84e9a462f7a3e2111
Instruction ID: 15f258676c86ad40140270dfb920ed0577f73b58c2eeca72535cd2bba399859e
Opcode Fuzzy Hash: b9d4706c720f76ca2d47754ad499b363294041e877acc6e84e9a462f7a3e2111
Instruction Fuzzy Hash: 62718EB3F1122547F3544E69CC583A27293EBD5311F2F81788E886B7C8DA7E6D069384

Function 00A9E419 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db06e6cfa58b5a1ec19769b08eb2fd8050af83a845478c7df6c4806c04f615a
Instruction ID: c0b3e4a69c89c9f1e33972f9f0003a20df02e841465dffe1690b3ae8cb6d5ed8
Opcode Fuzzy Hash: 6db06e6cfa58b5a1ec19769b08eb2fd8050af83a845478c7df6c4806c04f615a
Instruction Fuzzy Hash: 38718EB3F1152147F3848929CC983A37683EBD5315F2F81788A899B7C9DD7E9D0A5384

Function 00AE8486 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889c630b0cadaba74c48192c40376fa081242013d21ff87054eb5d5b599eeb53
Instruction ID: b04f82bee43ff853ded4b7549964857cdc5fc3c5f7e7efe2785e570bc2445e9a
Opcode Fuzzy Hash: 889c630b0cadaba74c48192c40376fa081242013d21ff87054eb5d5b599eeb53
Instruction Fuzzy Hash: C5718FB3F116244BF3504979CC983A27683EB95314F2F82788E886B7C5D97E6D0A53C4

Function 00AD1553 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8597512a061f241d19e22e039896994b184df1c211b791e68d3f36a23f60dc99
Instruction ID: 0baced3df734d9f31e6265a9abe5bddc503df3c5b280c734cd62184bf90ac19c
Opcode Fuzzy Hash: 8597512a061f241d19e22e039896994b184df1c211b791e68d3f36a23f60dc99
Instruction Fuzzy Hash: 49715CB3F116254BF3544D28CC943A27253ABD5321F2F82788E896B7C5D93EAD0A5384

Function 00AC8430 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9bf2994e518d5ce925e88fc04b1023dd1173af4647ad170c8a8be41672bbf64
Instruction ID: be0e9260f8965cf0397965fe55ddc0816e8457f8316d7ff95318c3b724abd97a
Opcode Fuzzy Hash: f9bf2994e518d5ce925e88fc04b1023dd1173af4647ad170c8a8be41672bbf64
Instruction Fuzzy Hash: B9715DF3F1163447F3544929CC483A2B692ABA5321F2F82788E9C6B7C9D97E5D0A53C4

Function 00AC01A5 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc5495695f83d038d20df4c75a8950d75ad6a18c879e8d6f30eca250e192c73
Instruction ID: 24788c5f73ae1b88f51cb80af8a593c6410c80c749b85103d11a7152f88a072e
Opcode Fuzzy Hash: 7fc5495695f83d038d20df4c75a8950d75ad6a18c879e8d6f30eca250e192c73
Instruction Fuzzy Hash: 80717BB3F1062547F3440D79CC983627692EB95324F2F82788F686BBC9DA7E5D0A5384

Function 00B051E3 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fcdde7b0129c71e90899b6d4e5110c3bd355530d0b859ad7a5fd6c74ae14fb2
Instruction ID: 2ce8ea8a357c8e4918f620821c4ae34f77d80166942cf08509dadd6ea30f9133
Opcode Fuzzy Hash: 0fcdde7b0129c71e90899b6d4e5110c3bd355530d0b859ad7a5fd6c74ae14fb2
Instruction Fuzzy Hash: 88716BB3F1162447F3904929CC483927293EBE5325F2F81788E886B7C5E97EAD4693C4

Function 00AAE3CB Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5286b8d838424698c46fba25a153fc0a12474ebd8ca0e5046487b3113b1c17cc
Instruction ID: 968da093ed208078d9b5f8623400e9ef3abaff5a8ec63b104725d060e0bc43c5
Opcode Fuzzy Hash: 5286b8d838424698c46fba25a153fc0a12474ebd8ca0e5046487b3113b1c17cc
Instruction Fuzzy Hash: 8E618BB3F1162447F3544D69CC943A27683EBA5321F2F82788E9C6B7C9E97E5C064384

Function 00A4E690 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bff005e63acece03bb21f7e676b78ab82e3fa2516d0bde73055b83227fb4db7
Instruction ID: a4d769c0fb17767e24efc6b9d51999848773d1bff6b310674074901bec750693
Opcode Fuzzy Hash: 5bff005e63acece03bb21f7e676b78ab82e3fa2516d0bde73055b83227fb4db7
Instruction Fuzzy Hash: D0611939A083919FC725CF78D89092A7BE1BFD5324F4886ADE8D44B392D671DC05C792

Function 00ABB2DC Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061fc82e6e3eb9c3aed6a6b30641e909c8ae318260806c5f4dcb77fb55e5ad91
Instruction ID: 3f0b56cdb5b630e09b49f19aa1abe6d2445ed814b93858e6b9102349d3791836
Opcode Fuzzy Hash: 061fc82e6e3eb9c3aed6a6b30641e909c8ae318260806c5f4dcb77fb55e5ad91
Instruction Fuzzy Hash: 6A618DF3F1162547F3444D68DC983A26683EBD5325F2F82388E586BBC5D97E9C0A9384

Function 00AC878B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6d51a4a50f62098b8958ba63f22abb6b7135fc17ad2e5283f718a3e19df494f
Instruction ID: 588b9d7bc5761740fc753648ea4163c63cf885abb4deedd7b09ba70cbaf5a344
Opcode Fuzzy Hash: d6d51a4a50f62098b8958ba63f22abb6b7135fc17ad2e5283f718a3e19df494f
Instruction Fuzzy Hash: 4161AFB3F1162547F3584928CC643A27683EBD5325F2F827C8B996B7C5D93E9C065388

Function 00ACF4E0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe9a8700b025eb1eb8b238054bead0ae93a41435f8e5cfc04a0ac7a8f8b0081b
Instruction ID: 69f7cbf600415c699b0908118100f814ce3087f0c02990574d4f00e373e9238f
Opcode Fuzzy Hash: fe9a8700b025eb1eb8b238054bead0ae93a41435f8e5cfc04a0ac7a8f8b0081b
Instruction Fuzzy Hash: D46161B3F1062447F7544D29CC983627692EB95320F2F4178CE9D6B3C5DA3EAD0A5788

Function 00A57149 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d77910f24485f913f1c5f519d36c5a7c260574e30f3955d7a5c4050181b16f
Instruction ID: 8548f611b4d9cd97fe0cb678907f0985dcdb35d0f9067059e5ba43d904de750f
Opcode Fuzzy Hash: a9d77910f24485f913f1c5f519d36c5a7c260574e30f3955d7a5c4050181b16f
Instruction Fuzzy Hash: 6451F0719147548FDB208F68DC417AEBBB2FF49320F1485ACD94AAB750DB75A886CF80

Function 00AC0514 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e680265666df19d8f248976dd96c32d76a30a6c625107fb1673935fb6ba1a66
Instruction ID: 3d897dc97e5d5a02307024b7772f4308aad99a793e5e74d04496c79c7a13d2f1
Opcode Fuzzy Hash: 6e680265666df19d8f248976dd96c32d76a30a6c625107fb1673935fb6ba1a66
Instruction Fuzzy Hash: 1E618FB3F2162547F3544D69CC843A27292EBE5711F2F82788E8CAB3C5E97E6C095384

Function 00AA7129 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e82b9c09f877433d7e391fb8a32ab4ea8ed2fe61b9937f37da7aab6867253e34
Instruction ID: 4b12cb9ce8808851439ae1bb0725f12023e758b34b22c42025793b792180dd13
Opcode Fuzzy Hash: e82b9c09f877433d7e391fb8a32ab4ea8ed2fe61b9937f37da7aab6867253e34
Instruction Fuzzy Hash: 6B6129B3F116244BF3544D29CC983A27692ABD5324F2F42788E9C6B7C5D93E6D0A5388

Function 00A9C006 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e002326095b950c5fdc822d29d52faa4557f6e2d39d161dfd7a48500b87ad6a
Instruction ID: 76808543ef56fc3384405ec62f4bc9bf8f4cd215a6db7f5edac9efd729ed3dce
Opcode Fuzzy Hash: 7e002326095b950c5fdc822d29d52faa4557f6e2d39d161dfd7a48500b87ad6a
Instruction Fuzzy Hash: E35179F7F1162407F3844978CC983A26582ABA5314F2F827C8E896B7D9DD7E5D0A5288

Function 00B606A6 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a565b902be4b03b64015db75005fa66ad94b31fe99a2cb85c70b593554c0f43a
Instruction ID: 04a3c293414668ac903f96bd09b928684d4993c274a34638c08e47279c3020a1
Opcode Fuzzy Hash: a565b902be4b03b64015db75005fa66ad94b31fe99a2cb85c70b593554c0f43a
Instruction Fuzzy Hash: 2B5155F364870C9FE704BE3DED4463ABBDAEB80214F16863DE584C7748F97559068252

Function 00AC3514 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6533e7710b5feb1a964f95405e1c6ec2100d60ca1fd5a222d94c82a5c8e44289
Instruction ID: 56fad4b67662a94cbdfa6882bccdc8685471b75961f1b4cf299c2adbeac7f447
Opcode Fuzzy Hash: 6533e7710b5feb1a964f95405e1c6ec2100d60ca1fd5a222d94c82a5c8e44289
Instruction Fuzzy Hash: 1951A3B7F1062547F3544E29CC843627792EB95711F2F42788E88AB7C4DE7EAD069384

Function 00A9E15D Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a89b62fdd880651aace11c1afc697c76626f3ae8e3514ff7418683a92a183a4d
Instruction ID: 9850c0ab7163fa89af11c0531c85443213b0e7c652b947e38b28f2e3c12de44c
Opcode Fuzzy Hash: a89b62fdd880651aace11c1afc697c76626f3ae8e3514ff7418683a92a183a4d
Instruction Fuzzy Hash: 4C515BB3F5162547F3544E64CC943A27253EBD5321F2F82788E986B3C1DA3E6C069388

Function 00B0826B Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1947ce75fd94f1617946ddae911a501028a20615cd31da2570d445f67c261158
Instruction ID: 0622bf0fe40030ad6b4b9ee9b787509c226eda516527aa1c111f2ccda1b03506
Opcode Fuzzy Hash: 1947ce75fd94f1617946ddae911a501028a20615cd31da2570d445f67c261158
Instruction Fuzzy Hash: 01518BB7F115244BF3144D28CC583627693ABE5315F2F82788E9DAB7C5DD3EAC0A5284

Function 00AC104A Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb04882386201215b711be903affaed233c7b31e0a9e154290a218fc07d7c2d7
Instruction ID: 24f29070e4c50e703a26db73f989614ce26e66761486e90c84e38c7a9c225de0
Opcode Fuzzy Hash: cb04882386201215b711be903affaed233c7b31e0a9e154290a218fc07d7c2d7
Instruction Fuzzy Hash: B8516FB3F106254BF3144D69CC98362B692EBD5314F2F427C8E89AB3D5DA7EAD058384

Function 00AAF518 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4fcdd343e7111bc8cda7d879f58cf5df1e3473bbfa425f927cea90216c643c
Instruction ID: 376fc5883af3142950112778e6d11a04fef2bbd26b68851a1fa2b2ce19bed559
Opcode Fuzzy Hash: bc4fcdd343e7111bc8cda7d879f58cf5df1e3473bbfa425f927cea90216c643c
Instruction Fuzzy Hash: A751A1B3F116244BF3544E28CC953A27682EB95311F2F457CCE89AB3D4D93EAC09A384

Function 00AA743C Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbf82c36a30fbba27bce2c7f0ef89b6a5b6aa08b25166afb01b94ca009f9078
Instruction ID: f482251436baa9a465cc04d08ad83e73758b0b71d0009bc40a87422be97b9e46
Opcode Fuzzy Hash: 6cbf82c36a30fbba27bce2c7f0ef89b6a5b6aa08b25166afb01b94ca009f9078
Instruction Fuzzy Hash: EA515CB3F1162547F3544E29CC583A27683ABE1325F2F82788E9C6B7C9D93E6C465384

Function 00A96480 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ecf4a4bdf328d6cb7c0fb81ce40ee2aceb6e11d03ce3a6a8fc943bc0ed9c90
Instruction ID: 99b4c48d90ab91049221fe477559166bff5bea388f6aebb99de11ca473cae689
Opcode Fuzzy Hash: 50ecf4a4bdf328d6cb7c0fb81ce40ee2aceb6e11d03ce3a6a8fc943bc0ed9c90
Instruction Fuzzy Hash: 025162B3F106244BF3504E68CC983627291EB95321F2F4278CE886B7D5DA7E6D4997C4

Function 00AB16B3 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b33075facc3e910e9c0f2b70ac20dd48005bbd5ef50942cbff8c69c360c47d7
Instruction ID: ca72b48d2e87600a844790495e7666a91fd0bfeaf9949360c22508976450a06b
Opcode Fuzzy Hash: 2b33075facc3e910e9c0f2b70ac20dd48005bbd5ef50942cbff8c69c360c47d7
Instruction Fuzzy Hash: 8C5180B3F116254BF3844D69CC983A27293EBD4311F2F81788E49673C5DA7E6D0A5388

Function 00BB1798 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c05be51f27e06cd7ab645aff232cfddd25b4d4af43f2b9a398534a4f01c0fdd7
Instruction ID: 9331ad40410cd8eca046047041b66a4dd603d90eea1a7980cc53008fc5d2855d
Opcode Fuzzy Hash: c05be51f27e06cd7ab645aff232cfddd25b4d4af43f2b9a398534a4f01c0fdd7
Instruction Fuzzy Hash: 0F4109F3D081249BF7006A29EC4436ABA96DBD4320F2B873DEE9C937C4E5364D5586C6

Function 00B11058 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a92e2105547d0afad8283968dbb40f45a8b1c7c2a9f2984006eb8e10021b87e
Instruction ID: 29cf5b461aacdfc481400f31ce2ea0cf95ae8243f8984aac183935e4a10ed20d
Opcode Fuzzy Hash: 3a92e2105547d0afad8283968dbb40f45a8b1c7c2a9f2984006eb8e10021b87e
Instruction Fuzzy Hash: 72518DB3F1162547F3540E54CC983A27292EB95321F2F42388E9D6B7C1EA7E6D1A53C4

Function 00A9B7AD Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44eb2f9f88e3be481ab9439bfcab99b279084e35f83714c488d8f9538eed9502
Instruction ID: 2793fb688732e255d10db3e00e4c01de2538c4d7dac0b8afc90b2df9284f886c
Opcode Fuzzy Hash: 44eb2f9f88e3be481ab9439bfcab99b279084e35f83714c488d8f9538eed9502
Instruction Fuzzy Hash: 295176B3F112224BF3640D39CC983626683ABD5321F2F82798E996B7C5DD3E5D0A5384

Function 00AF7028 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46bcfb475a15651d0da407c644189171e46102dd79b3c5e548265d8f79f0efcb
Instruction ID: f3abba6d4302d502163c6818fc3a7d5a2b280f28071edb9bd300bf4fc08c3368
Opcode Fuzzy Hash: 46bcfb475a15651d0da407c644189171e46102dd79b3c5e548265d8f79f0efcb
Instruction Fuzzy Hash: E0519FB3F406244BF3548E29CC943627292EBD6311F2E417CCE895B7C8DA7E2D499381

Function 00AA267D Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a1c63ae108bf32f716281c69ba8e858d59134e80dd13b0a0de98a46f47bba72
Instruction ID: f2f3b97395db3968e266a2d7f76e2789b04ce06d49e12a5724fa5710d5112325
Opcode Fuzzy Hash: 7a1c63ae108bf32f716281c69ba8e858d59134e80dd13b0a0de98a46f47bba72
Instruction Fuzzy Hash: B841A4B3F216244BF3844D68CC953627292EBD5311F2E817C8E859B7C4CDBE6C099384

Function 00AF0250 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 230bc27e82c4dba881999d3c548441c3a46bf773e5a42680956004f552bb92bd
Instruction ID: ab8b7e603c09c34c6ada4b1d16def69a4c94db1c49e52f245bd2a1cfba271f05
Opcode Fuzzy Hash: 230bc27e82c4dba881999d3c548441c3a46bf773e5a42680956004f552bb92bd
Instruction Fuzzy Hash: 49418BB3F125254BF3540978CC2836266839BE6328F3F42788B6D6B7C6D97E5C065388

Function 00AAA1CA Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85bfcfea2d9188b61cf43f2bcb232070942d73cdf10f39ed31b3b80e3bb81ede
Instruction ID: 0b8f3a4c1b5e3e556984729461b3a4fe725bc06008a68aede6a35d65b551d8f9
Opcode Fuzzy Hash: 85bfcfea2d9188b61cf43f2bcb232070942d73cdf10f39ed31b3b80e3bb81ede
Instruction Fuzzy Hash: 46414BF7F006254BF3544968DC983927682A7A5314F2F82788F5C6B7C6EA7E5C4A42C4

Function 00AE9136 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71da85a6f1b68ce2833eaf5d8f1668dea95ad839cc4e4fd87547a42ffd2243fe
Instruction ID: 12523d10f224b6962396f37a662b3c7eaf42e0c3fdd553ba57e7e85e16c158f5
Opcode Fuzzy Hash: 71da85a6f1b68ce2833eaf5d8f1668dea95ad839cc4e4fd87547a42ffd2243fe
Instruction Fuzzy Hash: 734156F7F5063547F7484964EC983626242ABA5325F2F42788F4C2B3CAE97E5C4A53C8

Function 00A610F0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02476f44115374f33d061a3d692a4d681c2d32e35ebfde4d9e8dbe7f2edffa48
Instruction ID: 216f220179cfe662ecc8796fc40ab84f23f7aaec52c6949b436f3226d7598444
Opcode Fuzzy Hash: 02476f44115374f33d061a3d692a4d681c2d32e35ebfde4d9e8dbe7f2edffa48
Instruction Fuzzy Hash: 069178B019A3828BC374CF04D95C68BBBE5BB89318F50CA4ED48C4B350CBB4158ACF86

Function 00A4649B Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 28c882b80968f0e171731a57824f3930c731f008a77c1e7bcf77371845809dd2
Instruction ID: 05244798d857b37d86923be1e227a73fe1f70b845e29b2a6bbe9fc66b6ea78fe
Opcode Fuzzy Hash: 28c882b80968f0e171731a57824f3930c731f008a77c1e7bcf77371845809dd2
Instruction Fuzzy Hash: 2131EE766092109BD718CF24D89176AB3B2FFD1708F95951CE48A5B21AD732AC428BD3

Function 00AD46EF Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d679da28bdd6278b0c37392538f97921c4535e61000449889da7e5553d34def7
Instruction ID: b5a7bc4c43c1b7c94b4206901072418820536d6c9fb83445160af8e87b25748c
Opcode Fuzzy Hash: d679da28bdd6278b0c37392538f97921c4535e61000449889da7e5553d34def7
Instruction Fuzzy Hash: 554126B3E106354BF3944E68CC593A27292EB96311F1F8178CE89AB3C5D93E5C4997C4

Function 00AD24A1 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f5172250562e3a8366723c3986e5e2b5352ac08c999225163a4c481e4ab8b5
Instruction ID: f9c4e7b9373d39df495000d32856d0ff6d8a605c54d1e9fb9026dc073ca7bf91
Opcode Fuzzy Hash: f2f5172250562e3a8366723c3986e5e2b5352ac08c999225163a4c481e4ab8b5
Instruction Fuzzy Hash: 674115B3F116148BF3944E25CC993A23252EB95320F2F4178CB895B3C1DA7E6D1A9788

Function 00B1560F Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e62bd983f7fcb17928101670a75e3851251e4c0845e7c941844caeb457656ff
Instruction ID: 0f299e862acb49fd659e7e924544ff987c987e4b15cb8f8b3d78119d44a757f8
Opcode Fuzzy Hash: 7e62bd983f7fcb17928101670a75e3851251e4c0845e7c941844caeb457656ff
Instruction Fuzzy Hash: 203105F3F916244BF39444B5DD983921483A7D5321F2F82748F6CABBC5D8BE4D0A5288

Function 00AD431A Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31295683cc220a63ca07a7f8f4c343e5355286dbfcd309f25cf10b6c9c8f2c3a
Instruction ID: ac8aec406924a69b55fe08a45cdf4a9fb94e794f8670c31b7dd625c5a6fe8cf3
Opcode Fuzzy Hash: 31295683cc220a63ca07a7f8f4c343e5355286dbfcd309f25cf10b6c9c8f2c3a
Instruction Fuzzy Hash: CD318DB3F5261547F3584978CCA43A6A683EBDA320F3F43788E6A5B7C5DC7D19096240

Function 00AC5427 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f34dea6693301b659ae79292846608f553cdc03c9ef715081454bc9b8eccf8b
Instruction ID: 27f5bb429fee86503e1c136bb252791e4f79ca6ce67ebfad4f392ba063c8fd7d
Opcode Fuzzy Hash: 9f34dea6693301b659ae79292846608f553cdc03c9ef715081454bc9b8eccf8b
Instruction Fuzzy Hash: F8314AB3F1162107F7588839DD5839265839BE5321F2FC2798BA967BC9EC7E5C060284

Function 00AD517F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8965068cd896007c43e761aa68b759c3c8f1cae5283e54631087b9e8c32d81ab
Instruction ID: db1897019f1f79db2dc87ef015a62c32d096bb55863586c9fc20b87ecd5cd4d4
Opcode Fuzzy Hash: 8965068cd896007c43e761aa68b759c3c8f1cae5283e54631087b9e8c32d81ab
Instruction Fuzzy Hash: 823148F3F1152047F3548839DD983A224839BE5324F2F83749A6CABBCADC7D8D061284

Function 00AE04C3 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37fe8fc5a05f872cde573a643411476c5f2e9976208f8930f7156b64e7066d44
Instruction ID: 9ca2e6ccc666d0f96178d1db81c0d58618d62d1b2c72b297ac6fd5c3bf3f41d0
Opcode Fuzzy Hash: 37fe8fc5a05f872cde573a643411476c5f2e9976208f8930f7156b64e7066d44
Instruction Fuzzy Hash: E1313BF3F616154BF3584879CD993A2258397D1321F3F83788B699BBC9D8BD8C0A1284

Function 00AA6616 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d1aee23dc33a6ef93b5f4a4238ee799cb29fd80c0984d36e5174f2706b7df9e
Instruction ID: a36582bca363af0f6a4eddba00ffa8d6e4b38e64c5420a5ce67c17864910a083
Opcode Fuzzy Hash: 9d1aee23dc33a6ef93b5f4a4238ee799cb29fd80c0984d36e5174f2706b7df9e
Instruction Fuzzy Hash: F43159B3F526240BF35448A9CD99392658397D5325F2F82798F1CAB7C6DCBE8C4A12C4

Function 00A99016 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf756776d6fffe7879a200d9895ade91afd835937827d00335f12d9fefd60a4
Instruction ID: 7bdaed2a866965b9a0fe5bcf4412b44f55ffa9612bd7954afb6c2ec3805182d4
Opcode Fuzzy Hash: 8cf756776d6fffe7879a200d9895ade91afd835937827d00335f12d9fefd60a4
Instruction Fuzzy Hash: 8A319CB3F6062107F7684838CDAA3B22582D784314F1F423D8F8AAB7C6DC7E5C054284

Function 00AB26A9 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1edbde66e2f790d1e6d2fd55cb853693cdf459547d1cbfe6cfe21b9626a72c
Instruction ID: ac1f8b8e110a2acd4ecd58ea9b9b2bca50caa3336c52a9292c051afeb7742d5a
Opcode Fuzzy Hash: 0c1edbde66e2f790d1e6d2fd55cb853693cdf459547d1cbfe6cfe21b9626a72c
Instruction Fuzzy Hash: 22314CA3F0162107F39848B9DD683625582E794325F2F82399F9DAB7C5DDBE1C0A03C8

Function 00AD66C4 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a439a87cd47d36391a3e8ff2bfb7a314c611771dd94f0fa6ea6c1b29ec9d91
Instruction ID: e7e520ee498458c077127c9dcbbe2d09a600800ab141d3d7c902009eaecc81c9
Opcode Fuzzy Hash: 39a439a87cd47d36391a3e8ff2bfb7a314c611771dd94f0fa6ea6c1b29ec9d91
Instruction Fuzzy Hash: E92150B3F1156447F7985839CD69362598397D5320F3FC7389A69AB6C8EC7D5C0A0384

Function 00AB9145 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc78a3a659896dc788cd9a46fe8790e85f1ea1130c337c5b45dbaae8a0327641
Instruction ID: 25a0ab5853eeb59fb1e68b436d683247794d793614e75d1579371b9668a50f57
Opcode Fuzzy Hash: fc78a3a659896dc788cd9a46fe8790e85f1ea1130c337c5b45dbaae8a0327641
Instruction Fuzzy Hash: B92159F3E11A3547F3504879CC483A26542ABD5324F2F83708E6C2BBD6D87D8C0912C4

Function 00AFA35A Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f10b60d076cf4411e915cee6253c465f49c993eaa17c4e22c016494dc29bcc24
Instruction ID: bda2874572fc50b09c479e8d2d6a1c64a9fdd9b098e912b17292f119ba1705ea
Opcode Fuzzy Hash: f10b60d076cf4411e915cee6253c465f49c993eaa17c4e22c016494dc29bcc24
Instruction Fuzzy Hash: 8A2125B3F516244BF3584869CC55392664397D5324F2F82788F9D6B6C9DC7E5C0A0288

Function 00ABF417 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e7059a7ffa955089a56baa35e71460941a3ce58c29e3148315db52f9fd3d634
Instruction ID: c023690bd6a352eaa8116529fa9dd1f7749d13427cb3a826f2168beab013a5d9
Opcode Fuzzy Hash: 3e7059a7ffa955089a56baa35e71460941a3ce58c29e3148315db52f9fd3d634
Instruction Fuzzy Hash: EB213EB3F115204BF3984879CD98362A143ABE5321F2F82798F5C67BC9CD7D1C0A4284

Function 00ABA280 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67afd8ef009307e0bd38ad81f8500ae735155f44c6fa029cdafcde9667f28447
Instruction ID: 40a83403a6ef2f0d51f6ad174584f4761c42055ad92bc6baf302ec36cbdee008
Opcode Fuzzy Hash: 67afd8ef009307e0bd38ad81f8500ae735155f44c6fa029cdafcde9667f28447
Instruction Fuzzy Hash: B9215BB3F5062107F3588869CDA53A2A1829BD5320F2F827DCB5E6B7C5CC7E5C0A5284

Function 00AFE138 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34179dd0bab3b5044a4fd6647b57a085811d24fbb14b7db81be95572692e3d8f
Instruction ID: c3b3add8c36938682e4d3088c0cbdb34c07e02a4e3d53891cf75883c39b43a71
Opcode Fuzzy Hash: 34179dd0bab3b5044a4fd6647b57a085811d24fbb14b7db81be95572692e3d8f
Instruction Fuzzy Hash: 4C213AB3F526254BF3504D26CC843527693A7E9321F2F82788AAC5B7C9DD7E280A5284

Function 00B06101 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a49a3b23be73921c4ff067ba5d1f066f6d9c2346d658381dc2d2424d851c038b
Instruction ID: f738001183cd2cdf483df853a01b1cf567165315ab74b9de6fd73184dc44b761
Opcode Fuzzy Hash: a49a3b23be73921c4ff067ba5d1f066f6d9c2346d658381dc2d2424d851c038b
Instruction Fuzzy Hash: F921F5F3F6161487F7488836CCA43922283A7E6724E3F427887685B3C5ED7E98074385

Function 00A5D38F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1711e11b31dd528d727f0a3d170d80301d8cddf72e4f49161fa5c550934a15
Instruction ID: 04bad5de5c33bfc4643643b25094b8902deb0c15804f456286e0fc3eca3e9c2d
Opcode Fuzzy Hash: 8b1711e11b31dd528d727f0a3d170d80301d8cddf72e4f49161fa5c550934a15
Instruction Fuzzy Hash: B111C275A58B808FE325CF39C850B53BBB3EB92315F04C95CC4DA8B649CB38A405CB96

Function 00A3B63A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfd6cc82e47356adbf3f296a13f9d0ea59a539581dfba922bfebcfdc15e37816
Instruction ID: 363d38611c12fe17e7ed05c54a8f4ef98ee8a5c021f80b15882995a7484d902f
Opcode Fuzzy Hash: dfd6cc82e47356adbf3f296a13f9d0ea59a539581dfba922bfebcfdc15e37816
Instruction Fuzzy Hash: D9F06D70E606048BD7058F58CD627B273B2EF8A301B18E165E945DB768E778C802C724

Function 00A8F450 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729215120.0000000000A89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true

Associated: 00000000.00000002.1729103398.0000000000A30000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729129056.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729195061.0000000000A87000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1729215120.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730145883.0000000000D3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730459110.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1730487048.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8e42000f771636f76f9049ea2f85eaf8d13d51c58fc436dd0972f8b0104540
Instruction ID: 263ca2617d9c7478e640ce892eebcfa74a82a684f3e65ff156bdbb6d0b6105b5
Opcode Fuzzy Hash: cc8e42000f771636f76f9049ea2f85eaf8d13d51c58fc436dd0972f8b0104540
Instruction Fuzzy Hash: 0AE04F7660C6119FE70CEE16D5A187FBBF5DBD4300F21C46ED88B53114E63418098B56

Source: https://occupy-blushi.sbs/apiU=	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs:443/apiO	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/5	Avira URL Cloud: Label: malware

Source: https://occupy-blushi.sbs:443/apiO	Virustotal: Detection: 10%	Perma Link
Source: https://property-imper.sbs:443/apif	Virustotal: Detection: 10%	Perma Link
Source: https://occupy-blushi.sbs/5	Virustotal: Detection: 12%	Perma Link

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.7.169:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.7.169:443

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.7.169:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.7.169:443

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-63695966h]	0_2_00A3C110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, cx	0_2_00A68440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov al, 01h	0_2_00A6DF42
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax]	0_2_00A580FF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+30h]	0_2_00A4B0C3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_00A6F0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esi+edx]	0_2_00A5A190
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_00A5719F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+edx+000000E8h]	0_2_00A3F1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_00A6F1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_00A6F2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edi]	0_2_00A5D38F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edi]	0_2_00A5D398
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00A4B3E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00A56369
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push 00000000h	0_2_00A58498
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h]	0_2_00A4649B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00A36410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [ebx+eax+2D31F2E0h]	0_2_00A3B46C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A5B472
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00A5B472
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A4C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_00A4C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 845FA972h	0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+04h]	0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 1B6183F2h	0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 8869E8E9h	0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push 00000000h	0_2_00A58530
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edx]	0_2_00A4E690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_00A6F690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A3B63A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ecx+edi*8], 484CE391h	0_2_00A707F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A5C7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+esi*8+00h], E6C7F7C6h	0_2_00A6B7C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax-4A2D609Fh]	0_2_00A5D8BE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h]	0_2_00A46882
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-000000ADh]	0_2_00A46882
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00A51890
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00A658F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00A4B804
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ecx	0_2_00A469B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [esp+0Ch]	0_2_00A4C9F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax-4A2D609Fh]	0_2_00A5D9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+34h]	0_2_00A459CA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], cl	0_2_00A5DAB4
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00A51AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A51AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 4F699CD4h	0_2_00A70AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00A70AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00A59BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, dl	0_2_00A4ABBA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+04h]	0_2_00A68CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A38CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-102B7BDCh]	0_2_00A4ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], ecx	0_2_00A3DC10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+ecx], 00000000h	0_2_00A4DC60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, edi	0_2_00A5BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00A5BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_00A6EDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+39F3FFEEh]	0_2_00A3EE2D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-06409A34h]	0_2_00A46E62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+18h]	0_2_00A67FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1CE638E1h	0_2_00A6FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00A31F40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_00A6EF50

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
file.exe

Function 00A68440 Relevance: 16.5, APIs: 5, Strings: 4, Instructions: 702
memoryCOMMON

Function 00A3C110 Relevance: 7.9, Strings: 6, Instructions: 438
COMMON

Function 00A39FC0 Relevance: 1.6, APIs: 1, Instructions: 131
COMMON

Function 00A3E2DB Relevance: 1.5, Strings: 1, Instructions: 293
COMMON

Function 00A6D770 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00A6AE30 Relevance: 1.5, APIs: 1, Instructions: 43
memoryCOMMON

Function 00A3E29E Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Function 00A3E260 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Function 00A3BB6C Relevance: 1.5, APIs: 1, Instructions: 16
networkCOMMON

Function 00A6AE17 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON