Windows Analysis Report
Quarantined Messages.zip

Overview

General Information

Sample name:Quarantined Messages.zip
Analysis ID:1579853
MD5:95b15b0c14256650abb9232e5872afc2
SHA1:245814a68ee4d404602fe4d9018385ad23ff456a
SHA256:0608a908e284c1ab45e913b5378eebbcf98519c8be34f4ecd5a0510f50bd4c3c
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • unarchiver.exe (PID: 6552 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
    • 7za.exe (PID: 6700 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\rrw4j4yb.kce" "C:\Users\user\Desktop\Quarantined Messages.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
      • conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: C:\Windows\SysWOW64\unarchiver.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: classification engine; Classification label: clean2.winZIP@4/1@0/0
Source: C:\Windows\SysWOW64\unarchiver.exe; Mutant created: NULL
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
Source: C:\Windows\SysWOW64\unarchiver.exe; File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: C:\Windows\SysWOW64\unarchiver.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown; Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe; Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\rrw4j4yb.kce" "C:\Users\user\Desktop\Quarantined Messages.zip"
Source: C:\Windows\SysWOW64\7za.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: version.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\7za.exe; Section loaded: 7z.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_012B2B68 push D97C6C94h; retf 0_2_012B2B92
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_012B2A87 push ebp; retf 0_2_012B2A62
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_012B26EC push 7A906C85h; retf 0_2_012B2706
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_012B29FF push ebp; retf 0_2_012B2A62
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_012B2BFF push D97C6C94h; retf 0_2_012B2B92
Source: C:\Windows\SysWOW64\unarchiver.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe; Memory allocated: 1560000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe; Memory allocated: 30B0000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe; Memory allocated: 50B0000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe; Window / User API: threadDelayed 682
Source: C:\Windows\SysWOW64\unarchiver.exe; Window / User API: threadDelayed 9289
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6092; Thread sleep count: 682 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6092; Thread sleep time: -341000s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6092; Thread sleep count: 9289 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6092; Thread sleep time: -4644500s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe; Code function: 0_2_012BB1D6 GetSystemInfo,0_2_012BB1D6
Source: C:\Windows\SysWOW64\unarchiver.exe; Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\unarchiver.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | DLL Side-Loading (1) | Process Injection (11) | Virtualization/Sandbox Evasion (2) | OS Credential Dumping | Virtualization/Sandbox Evasion (2) | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Disable or Modify Tools (1) | LSASS Memory | Application Window Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Process Injection (11) | Security Account Manager | System Information Discovery (3) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | DLL Side-Loading (1) | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Obfuscated Files or Information (1) | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Behavior Graph (ID: 1579853, Sample: Quarantined Messages.zip, Startdate: 23/12/2024, Architecture: WINDOWS, Score: 2): unarchiver.exe started 7za.exe, which started conhost.exe.

No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579853
Start date and time:2024-12-23 12:28:43 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 52s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Quarantined Messages.zip
Detection:CLEAN
Classification:clean2.winZIP@4/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 45
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .zip
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: Quarantined Messages.zip
Time | Type | Description
06:30:08 | API Interceptor | 3818436x Sleep call for process: unarchiver.exe modified
No context
Process:C:\Windows\SysWOW64\unarchiver.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3279
Entropy (8bit):4.998703691961938
Encrypted:false
SSDEEP:48:FHpGUGbUGUGpKGEFGUGpNAGbeGoAGMG+NGUGUGmbGUGtGUGmPr1JzegDXKb2M85J:F0nySIJF+NU4dT4
MD5:75D88D5F0DD4817FD95D618CD4C09202
SHA1:9E40AB3FD3147F84ACC95742717AB1DEBCEE7428
SHA-256:BD289926F8757C427AA17592B67F3D8618DD8B2C1588131E25B6BF719806B324
SHA-512:7E7E5664C92BF07E4467F984B58614C60D1FD62E44C27FC0955320B7927B50868981A0630ED979152C31E601B0CEEFF36DD1DBE905112C45D9CA0A89869727A5
Malicious:false
Reputation:low
Preview:12/23/2024 6:29 AM: Unpack: C:\Users\user\Desktop\Quarantined Messages.zip..12/23/2024 6:29 AM: Tmp dir: C:\Users\user\AppData\Local\Temp\rrw4j4yb.kce..12/23/2024 6:29 AM: Received from standard out: ..12/23/2024 6:29 AM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..12/23/2024 6:29 AM: Received from standard out: ..12/23/2024 6:29 AM: Received from standard out: Scanning the drive for archives:..12/23/2024 6:29 AM: Received from standard out: 1 file, 490422 bytes (479 KiB)..12/23/2024 6:29 AM: Received from standard out: ..12/23/2024 6:29 AM: Received from standard out: Extracting archive: C:\Users\user\Desktop\Quarantined Messages.zip..12/23/2024 6:29 AM: Received from standard out: --..12/23/2024 6:29 AM: Received from standard out: Path = C:\Users\user\Desktop\Quarantined Messages.zip..12/23/2024 6:29 AM: Received from standard out: Type = zip..12/23/2024 6:29 AM: Received from standard out: Physical Size = 490422..12/23/2024
File type:Zip archive data, at least v4.5 to extract, compression method=deflate
Entropy (8bit):7.999621419997842
TrID:
  • ZIP compressed archive (8000/1) 100.00%
File name:Quarantined Messages.zip
File size:490'422 bytes
MD5:95b15b0c14256650abb9232e5872afc2
SHA1:245814a68ee4d404602fe4d9018385ad23ff456a
SHA256:0608a908e284c1ab45e913b5378eebbcf98519c8be34f4ecd5a0510f50bd4c3c
SHA512:f2f6829c7a67c308394de47243192ff4a2448dd7b8ea1a2fec3f4164f82a1084af921b8271614da6ad2d6f4f78c405aeaa69e006c2685ec151e19632d2629650
SSDEEP:12288:8TyPn+WQYXlHO/HceyAl4OEzj3HD6PzSBo4W6Wbc0:T+WQMlHO/8tAlMjz6k0
TLSH:00A423213AA66EF22F6CB5F553891A86CA727CD1532DC403E2A640F0F55EE6470F6E34
File Content Preview:PK..-.....%[.Y..'.........!...DISTRICT REPORT E_2085971194.eml.....}.......z......0..o..Pt..H\.6.(.S.....Q8.-.[..Jn....Y....j......]..Q.B...T..=....E..././.h.....v=H..!.8....$AJ...A.rZW...yG..v+V.....X......{.w".yq...u+;2..*.....52...P......VY.B.n...~S"i
Icon Hash:90cececece8e8eb0
No network behavior found

Target ID:0
Start time:06:29:35
Start date:23/12/2024
Path:C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages.zip"
Imagebase:0xab0000
File size:12'800 bytes
MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:1
Start time:06:29:35
Start date:23/12/2024
Path:C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\rrw4j4yb.kce" "C:\Users\user\Desktop\Quarantined Messages.zip"
Imagebase:0x180000
File size:289'792 bytes
MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:06:29:35
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

    Execution Graph

    Execution Coverage:18%
    Dynamic/Decrypted Code Coverage:100%
    Signature Coverage:0%
    Total number of Nodes:73
    Total number of Limit Nodes:4
    APIs
    • GetSystemInfo.KERNELBASE(?), ref: 012BB208
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: InfoSystem
    • String ID:
    • API String ID: 31276548-0

    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 012BB2F3
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0

    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 012BADA7
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0

    APIs
    • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 012BAC36
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CreatePipe
    • String ID:
    • API String ID: 2719314638-0

    APIs
    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 012BA67D
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0

    APIs
    • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 012BA1C2
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FileFindNext
    • String ID:
    • API String ID: 2029273394-0

    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 012BADA7
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0

    APIs
    • RegQueryValueExW.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA40C
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: QueryValue
    • String ID:
    • API String ID: 3660427363-0

    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 012BB2F3
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0

    APIs
    • SetFilePointer.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA8DE
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FilePointer
    • String ID:
    • API String ID: 973152223-0

    APIs
    • WriteFile.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA9C1
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FileWrite
    • String ID:
    • API String ID: 3934441357-0

    APIs
    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 012BA67D
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0

    APIs
    • GetFileType.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA815
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FileType
    • String ID:
    • API String ID: 3081899298-0

    APIs
    • CreateDirectoryW.KERNELBASE(?,?), ref: 012BAA8B
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CreateDirectory
    • String ID:
    • API String ID: 4241100979-0
    • Opcode ID: e9d15e4bde53237df3de919c9fcf51b66f5dc17b0788375eb6c31b4a9b976b5c
    • Instruction ID: bb22eaf0085ad094ed270b4aa03c52a575fe81bb4d153c66f8776cd6c6b1b0a2
    • Opcode Fuzzy Hash: e9d15e4bde53237df3de919c9fcf51b66f5dc17b0788375eb6c31b4a9b976b5c
    • Instruction Fuzzy Hash: EF2183715083C15FE712CB29DD95B92BFE8AF06314F0D84EAE984CB253D225D949CB71

    Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
    APIs
    • RegQueryValueExW.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA40C
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: QueryValue
    • String ID:
    • API String ID: 3660427363-0
    • Opcode ID: 6414f2c83ab1448c67ebcc010b802dda4bf70fa28467fcb5e88f95d750a3892b
    • Instruction ID: f4b197b71882560d15fe1c60001240cd6754d7279283fb510c8b3041fbbf5b24
    • Opcode Fuzzy Hash: 6414f2c83ab1448c67ebcc010b802dda4bf70fa28467fcb5e88f95d750a3892b
    • Instruction Fuzzy Hash: CC218E756003049FE731CF19DD85FA6BBECEF04750F08846AEA468B651D7B4E909CA71

    Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
    APIs
    • WriteFile.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA9C1
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FileWrite
    • String ID:
    • API String ID: 3934441357-0
    • Opcode ID: 929d8c4df686d41f5d7bf11778c7a80c111827bca7d06d49d6a2bfc1f2a00851
    • Instruction ID: ba7dd1f289cb09ad35f3fc7f5b75784303e2f00331457bcdf6478243d594f098
    • Opcode Fuzzy Hash: 929d8c4df686d41f5d7bf11778c7a80c111827bca7d06d49d6a2bfc1f2a00851
    • Instruction Fuzzy Hash: 14112772500300AFEB31CF55DD81FA6FBE8EF04724F04886AEA458BA45C375A508CBB1
    APIs
    • SetFilePointer.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA8DE
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FilePointer
    • String ID:
    • API String ID: 973152223-0
    • Opcode ID: c9011a4cedcb7989c448810cba56dd47cfba75c97ae2bfad0f63940abfb36742
    • Instruction ID: a3789b54993806eaac408ba973e2d248632f7baeb910866ef2aa006a6127f131
    • Opcode Fuzzy Hash: c9011a4cedcb7989c448810cba56dd47cfba75c97ae2bfad0f63940abfb36742
    • Instruction Fuzzy Hash: 0511E771500300AFEB21CF59DD85FA6FBE8EF44324F04886AE9459BA45C375A5088BB1
    APIs
    • SetErrorMode.KERNELBASE(?), ref: 012BA30C
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: ErrorMode
    • String ID:
    • API String ID: 2340568224-0
    • Opcode ID: 243c93fd0a85232c78aec961f6b3e4afa4787a34ef8e1ac3b9464966e9de0923
    • Instruction ID: 715f459a17a2dc1b0c2b529cd5670dba0545e9fd0add83a10c9f32e7dba8cd83
    • Opcode Fuzzy Hash: 243c93fd0a85232c78aec961f6b3e4afa4787a34ef8e1ac3b9464966e9de0923
    • Instruction Fuzzy Hash: F81191754093C09FD7228B25DC94A92BFB4DF47220F0980DBD9858F263D275A808CB62
    APIs
    • GetSystemInfo.KERNELBASE(?), ref: 012BB208
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: InfoSystem
    • String ID:
    • API String ID: 31276548-0
    • Opcode ID: 4c1c7c834f43f98619d15ca9ab4fc8e5b0b0c3ea0b973c1c0d1c830dc10a2ea6
    • Instruction ID: e8bb5e2d7c842fbac3ba544dc80264d3aad15d72cc21e52657f488e5e93ed1cb
    • Opcode Fuzzy Hash: 4c1c7c834f43f98619d15ca9ab4fc8e5b0b0c3ea0b973c1c0d1c830dc10a2ea6
    • Instruction Fuzzy Hash: 84117C715093809FDB128F15DD84B56BFB4DF46220F0884EAED898F257D275A908CB62
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CloseFind
    • String ID:
    • API String ID: 1863332320-0
    • Opcode ID: 51a79fd022eaf58dc62b3bafc85cfb8837f17a581a208385bbeef6a531546c25
    • Instruction ID: 5274a6a21df6941019a01db4fb5fabe9d5811af249f12bbedb153e6570a2bc0f
    • Opcode Fuzzy Hash: 51a79fd022eaf58dc62b3bafc85cfb8837f17a581a208385bbeef6a531546c25
    • Instruction Fuzzy Hash: 7411A0715093C09FD7128B25DC85B52BFF4EF06220F0984DAED858B263D275A848DB61
    APIs
    • GetFileType.KERNELBASE(?,00000E24,214F019D,00000000,00000000,00000000,00000000), ref: 012BA815
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FileType
    • String ID:
    • API String ID: 3081899298-0
    • Opcode ID: 9cc01260f97e0d3a60539cebeb9f03452bfa14e3ddc2db0e9903497aef871105
    • Instruction ID: 8e683800311e5a6d3e4299ac383c171046a3261ab742a2c666aceeebc828d9fc
    • Opcode Fuzzy Hash: 9cc01260f97e0d3a60539cebeb9f03452bfa14e3ddc2db0e9903497aef871105
    • Instruction Fuzzy Hash: 1701C471504304AEE721CB09DD85BA6BBD8DF44724F088466EE058BB45D774A9088AB5
    APIs
    • CreateDirectoryW.KERNELBASE(?,?), ref: 012BAA8B
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CreateDirectory
    • String ID:
    • API String ID: 4241100979-0
    • Opcode ID: ac8479da9c3221747fd255366312c4df5695a2aac72e4978e9fc6108d9c506ed
    • Instruction ID: 27800363c0bc5295fc1513b7220dc9476afcfaa66e8e4c637fe5a6ba743503f8
    • Opcode Fuzzy Hash: ac8479da9c3221747fd255366312c4df5695a2aac72e4978e9fc6108d9c506ed
    • Instruction Fuzzy Hash: 6211A5716142419FEB10CF19D985796FBE8EF04350F08C4AADE09CB746E274E504CB71
    APIs
    • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 012BAC36
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CreatePipe
    • String ID:
    • API String ID: 2719314638-0
    • Opcode ID: 22293053b690f774583709e4b5c74f720d3b453331cc2e1b870311dc663a247b
    • Instruction ID: c1cbd18ed20fb2bba1d213fda151c9d7137f0a6c4f8b23a7d9b5e1e51aa48337
    • Opcode Fuzzy Hash: 22293053b690f774583709e4b5c74f720d3b453331cc2e1b870311dc663a247b
    • Instruction Fuzzy Hash: AC01B171600201ABD310DF16CD85B66FBE8FB88A20F14856AEC089BB45D735F915CBE1
    APIs
    • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 012BA1C2
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: FileFindNext
    • String ID:
    • API String ID: 2029273394-0
    • Opcode ID: bec4105392cc7f139492fb6e6464d43282e05149ac02cfecf304093c8c54e59d
    • Instruction ID: 43d82ffa11a525aaf40e235320a9735f58a4cddc721ff2e6ebc5dc7f7cc70ed2
    • Opcode Fuzzy Hash: bec4105392cc7f139492fb6e6464d43282e05149ac02cfecf304093c8c54e59d
    • Instruction Fuzzy Hash: A701B171600201ABD310DF16CD85B66FBE8EB88A20F14856AEC089BB45D735F915CBE1
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CloseFind
    • String ID:
    • API String ID: 1863332320-0
    • Opcode ID: 398a35aaeaef479ed4bbc0e7a002fff0751cb0b0d115523da6c99b2313245154
    • Instruction ID: a0e862b4422521147c38e1337b65b6022ee70bce44557d2ddc86201d6827a4e1
    • Opcode Fuzzy Hash: 398a35aaeaef479ed4bbc0e7a002fff0751cb0b0d115523da6c99b2313245154
    • Instruction Fuzzy Hash: 2601F4755142458FDB208F19D9C57A6FBE4EF04320F08C4AADE498B792D276E848CEA2
    APIs
    • SetErrorMode.KERNELBASE(?), ref: 012BA30C
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: ErrorMode
    • String ID:
    • API String ID: 2340568224-0
    • Opcode ID: 703bd709eb688bb16b608c6fc4ba5b615a6de5f12fcfdb8b16325319f8ea1a35
    • Instruction ID: ec307113f40ad3dbdf4020f4d7b931c310144a421eab7a13c6570e8fdf6d4a60
    • Opcode Fuzzy Hash: 703bd709eb688bb16b608c6fc4ba5b615a6de5f12fcfdb8b16325319f8ea1a35
    • Instruction Fuzzy Hash: 8AF0FF318142408FDB208F0AD9857A1FBE0EF04720F08C0AACE080B756D3B9E448CAA2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4142780204.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_15a0000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID: \Ok
    • API String ID: 0-3677890257
    • Opcode ID: 0c87c6fc6c426f07f4a6eaae6d403528837b616d761437912b73ef7959d84624
    • Instruction ID: 49f42116e84668a8aa273a6b510014ed8e15194b3bbeab2c6f72f8a8c5ca7f86
    • Opcode Fuzzy Hash: 0c87c6fc6c426f07f4a6eaae6d403528837b616d761437912b73ef7959d84624
    • Instruction Fuzzy Hash: 9DA15C30B102058BDB14AFB895597BE77E6FBC4308F148839EA06AB794DB7C9C41CB95
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4142780204.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_15a0000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID: [M-
    • API String ID: 0-1270787354
    • Opcode ID: ae9aea124169f18c46e4796262f2aa0b90091128f9012ea4af1d1268957c04e5
    • Instruction ID: 042e356596aeffc680205d84722dc27ad26b5baa8db2da1c0c2d6dadbaea50e9
    • Opcode Fuzzy Hash: ae9aea124169f18c46e4796262f2aa0b90091128f9012ea4af1d1268957c04e5
    • Instruction Fuzzy Hash: FF21F631B042158BDB15EB3984516EE7FD6ABE5244F44482DD145DB380DB3AAD0287A1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4142780204.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_15a0000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID: [M-
    • API String ID: 0-1270787354
    • Opcode ID: 011d414e84812d8ae5db104ad617085dc686625e98310bba6cc32fc0cf28d8b8
    • Instruction ID: ba8a3a53f2be20beb5a614415bf9bd72a365d70106647703dd4e9663dc5bae24
    • Opcode Fuzzy Hash: 011d414e84812d8ae5db104ad617085dc686625e98310bba6cc32fc0cf28d8b8
    • Instruction Fuzzy Hash: D1210531B006148BCB24EB3985506EEBBD7AFD5248B44883DD146EB780DF3DAD0687D1
    APIs
    • CloseHandle.KERNELBASE(?), ref: 012BA748
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CloseHandle
    • String ID:
    • API String ID: 2962429428-0
    • Opcode ID: 12b8f06856e3308662bb1d39fcd9e655ce6af2a77eee8949a14fcb44313d0cfa
    • Instruction ID: 0a62f76312e3aef6f3d424031593a3b1d4bb54a6e90cf9f84974aa6a751b1bed
    • Opcode Fuzzy Hash: 12b8f06856e3308662bb1d39fcd9e655ce6af2a77eee8949a14fcb44313d0cfa
    • Instruction Fuzzy Hash: F62192B59097C05FD7138B25DC95692BFB8EF07320F0984DADD858F6A3D274A908CB62
    APIs
    • CloseHandle.KERNELBASE(?), ref: 012BA748
    Memory Dump Source
    • Source File: 00000000.00000002.4142481722.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_12ba000_unarchiver.jbxd
    Similarity
    • API ID: CloseHandle
    • String ID:
    • API String ID: 2962429428-0
    • Opcode ID: 5fbb739e28f49560b76c14587cab112d45e95067d07dd242347b282541fac751
    • Instruction ID: 1f77ee2d2cfa2cbb937ed99ad6463ca6fbf9b2ebd8246da919e47d0a40c0107e
    • Opcode Fuzzy Hash: 5fbb739e28f49560b76c14587cab112d45e95067d07dd242347b282541fac751
    • Instruction Fuzzy Hash: 5001F7719142408FDB10CF19D9857A9FBE4DF04320F08C4BADD0A8F746D275E504CBA1